Welcome to the Security Laboratory. I'm Stephen Northcutt and like many of you I am a manager and leader with an information technology job. At the SANS Technology Institute, we are always striving to become more skilled and knowledgeable in computer security as well as the people side of the job. The "Security Labratory", for you creative spellers, is an informal set of articles and whitepapers, almost a blog, about security, information technology, and the computer security industry. As we learn more, ponder issues and research content for SANS Security 401 Security Essentials and the GIAC Security Essentials Certification, we will continue to add to this site. Our hope is for this to be a resource for the community and we would love to hear from you. Feel free to drop us a note at stephen@sans.edu.
Security Laboratory: Defense In Depth Series
Hybrid Threats - Jun 18th, 2008
By Stephen Northcutt
Though it is certainly true that malware has evolved a great deal in this decade, the tools in use today are more alike than different from the attacker tools of ten years ago. The command and control is better and they are better at evading detection, but they are still very similar. Here we take a look at hybrid threats: in the early days of malware it was fairly easy to classify a sample as a virus, a worm, or a Trojan, but these days many attacks combine features of all three.
The Attack Surface Problem - Jan 7th, 2011
By Stephen Northcutt
One of the most important things to understand about defense in depth is attack surface. We can define attack surface as our exposure: the reachable and exploitable vulnerabilities that we have.
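The definition above hinges on the word "reachable": a listening service is only part of the attack surface if an attacker can get packets to it. The following added example (not part of the original article) makes that distinction concrete by inventorying listeners in the column layout of Linux `ss -tlnp` output and sorting them into Internet-reachable, firewall-shielded (reachable only from inside the perimeter) and loopback-only. The socket listing and the firewall allowlist are constructed sample data, and the host, process names and ports are assumptions for illustration.

```python
"""Attack-surface inventory: which listeners are actually reachable? (added example)"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address

# Constructed sample in the column layout of `ss -tlnp`; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    127.0.0.1:5432      0.0.0.0:*         users:(("postgres",pid=812,fd=6))
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=640,fd=3))
LISTEN 0      511    0.0.0.0:80          0.0.0.0:*         users:(("nginx",pid=900,fd=6))
LISTEN 0      128    0.0.0.0:9200        0.0.0.0:*         users:(("java",pid=1200,fd=40))
LISTEN 0      128    [::1]:6379          [::]:*            users:(("redis-server",pid=700,fd=6))
LISTEN 0      128    [::]:8080           [::]:*            users:(("java",pid=1200,fd=41))
"""

# Assumed perimeter firewall policy: inbound TCP ports permitted from the Internet.
FIREWALL_ALLOW_INBOUND = {22, 80}


@dataclass(frozen=True)
class Listener:
    proc: str
    addr: str
    port: int


def parse_ss(text: str) -> list[Listener]:
    """Parse LISTEN rows of ss-style output into Listener records."""
    listeners: list[Listener] = []
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 6 or fields[0] != "LISTEN":
            continue
        # Local address is host:port; IPv6 hosts are wrapped in brackets.
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]")
        proc_field = fields[5]  # users:(("name",pid=...,fd=...))
        proc = proc_field.split('"')[1] if '"' in proc_field else "?"
        listeners.append(Listener(proc, host, int(port)))
    return listeners


def is_bound_externally(addr: str) -> bool:
    """True if the socket is bound to something other than loopback.

    0.0.0.0 and :: are the unspecified address, i.e. every interface.
    """
    return not ip_address(addr).is_loopback


def attack_surface(listeners: list[Listener],
                   firewall_allow: set[int]) -> dict[str, list[Listener]]:
    """Classify listeners by who can actually reach them."""
    report: dict[str, list[Listener]] = {
        "internet_reachable": [],   # exposed to anyone on the Internet
        "firewall_shielded": [],    # reachable only from inside the perimeter
        "loopback_only": [],        # reachable only by processes on this host
    }
    for lst in listeners:
        if not is_bound_externally(lst.addr):
            report["loopback_only"].append(lst)
        elif lst.port in firewall_allow:
            report["internet_reachable"].append(lst)
        else:
            report["firewall_shielded"].append(lst)
    return report


def reachable_ports(report: dict[str, list[Listener]], bucket: str) -> set[int]:
    """Convenience accessor: the set of ports in one bucket of the report."""
    return {lst.port for lst in report[bucket]}


if __name__ == "__main__":
    rep = attack_surface(parse_ss(SAMPLE_SS_OUTPUT), FIREWALL_ALLOW_INBOUND)
    for bucket, items in rep.items():
        print(bucket)
        for lst in items:
            print(f"  {lst.proc:<13} {lst.addr}:{lst.port}")
```

The "firewall_shielded" bucket is the point of the exercise: services such as an Elasticsearch or Tomcat-style port bound to every interface but blocked at the perimeter are not part of the Internet-facing surface today, yet they become exploitable the moment an attacker gets a foothold on any internal host. A defense-in-depth review should either bind them to loopback or add host-level filtering rather than relying on the perimeter alone.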
Can you build a Defense in Depth architecture without an architect? - May 13th, 2008
By Stephen Northcutt, J. Michael Butler and the GIAC Advisory Board
We interviewed a number of GIAC Advisory Board members who have been working as architects for major enterprises about what they look for in a candidate for an architecture position.
Security Convergence and The Uniform Method of Protection to Achieve Defense in Depth - Sep 7th, 2007
By Stephen Northcutt
Security convergence is an interesting trend that has been picking up speed heading into 2008. We are running information that was formerly carried on analog networks over our digital data networks, we are converging formerly separate network devices, especially at the perimeter, and we are starting to see physical security and classic network security groups begin to merge. If the trend continues unabated, it will save us a lot of money, while delivering less actual remediation of risk than past practice did.
The Uniform Method of Protection to Achieve Defense-in-Depth - Feb 26th, 2007
By Stephen Northcutt
The uniform method of protection for defense-in-depth generally involves a firewall separating the internal trusted zone from the Internet; most implementations also run anti-virus on the mail store-and-forward servers and on the desktops. It generally means that all internal hosts receive the same level of protection from attack from the network infrastructure. It is the most common and most easily implemented architecture, and the least effective in terms of achieving a high degree of information assurance, unless all the information assets held in IT systems are of equal importance to the organization.
Information Centric Approach to Defense-in-Depth - Feb 26th, 2007
By Stephen Northcutt
As an information security manager it is critical to understand and to be able to help others understand the value of information. In addition to richly valuable information such as intellectual property (patents, trademarks, copyrights, know how, data schema) there is also data including the increasingly important business record. Is the uniform approach to Defense-in-Depth appropriate when it comes to information?
Vector Oriented Defense in Depth - Feb 26th, 2007
By Stephen Northcutt
"You shall not pass," cried Gandalf, standing on a narrow rock bridge facing the Balrog in the mines of Moria. Gandalf's resolve was unshakable. The actor portrayed the moment extremely well, showing fear and dread yet an unshakable determination, proclaiming "You shall not pass!" And, through the magic of movie making, the scene leaves those of us in the information security management community with a fantastic word picture of vector-oriented defense-in-depth.
Role Based Access Control to Achieve Defense in Depth - Dec 26th, 2007
By Stephen Northcutt, based on research work by Richard Hammer and Peter Leight
Role-based access control (RBAC) is an access control method that organizations implement to ensure that data is accessed only by authorized users, and at the enterprise level RBAC is enforced with Network Access Control (NAC).
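To show what the abstract means by granting access through roles rather than to individual users, here is an added example (not code from the article or from the cited research) of a minimal RBAC decision engine: users hold roles, roles inherit from other roles, permissions attach to roles, and anything not explicitly granted is denied. A final function maps the resulting permissions onto the kind of network rule a NAC system might push, which is how the abstract says enterprise RBAC is enforced. The roles, users, resources and IP addresses are constructed for illustration.

```python
"""Minimal RBAC decision engine with role inheritance and deny-by-default (added example)."""
from __future__ import annotations

# Constructed policy for illustration; not taken from any real deployment.
# A role inherits every permission of its parent roles.
ROLE_PARENTS: dict[str, list[str]] = {
    "employee": [],
    "analyst": ["employee"],
    "firewall-admin": ["analyst"],
}

# Permissions are (resource, action) pairs granted to a role directly.
ROLE_PERMS: dict[str, set[tuple[str, str]]] = {
    "employee": {("intranet", "read")},
    "analyst": {("ids-logs", "read"), ("siem", "query")},
    "firewall-admin": {("firewall", "read"), ("firewall", "change")},
}

# Users are assigned roles, never permissions directly.
USER_ROLES: dict[str, set[str]] = {
    "alice": {"firewall-admin"},
    "bob": {"analyst"},
    "guest": set(),
}

# Assumed mapping from a logical resource to the network service that hosts it,
# so a permission can be turned into a NAC-style network rule (hypothetical addresses).
RESOURCE_ENDPOINTS: dict[str, tuple[str, int]] = {
    "intranet": ("10.0.1.10", 443),
    "ids-logs": ("10.0.5.20", 443),
    "siem": ("10.0.5.21", 9443),
    "firewall": ("10.0.0.1", 22),
}


def expand_roles(roles: set[str]) -> set[str]:
    """Return the given roles plus everything they inherit (cycle-safe)."""
    seen: set[str] = set()
    stack = list(roles)
    while stack:
        role = stack.pop()
        if role in seen or role not in ROLE_PARENTS:
            continue  # unknown roles grant nothing
        seen.add(role)
        stack.extend(ROLE_PARENTS[role])
    return seen


def permissions_for(user: str) -> set[tuple[str, str]]:
    """Union of permissions across all of a user's effective roles."""
    perms: set[tuple[str, str]] = set()
    for role in expand_roles(USER_ROLES.get(user, set())):
        perms |= ROLE_PERMS.get(role, set())
    return perms


def is_permitted(user: str, resource: str, action: str) -> bool:
    """Deny by default: only an explicit role grant allows the action."""
    return (resource, action) in permissions_for(user)


def network_rules_for(user: str) -> list[tuple[str, int]]:
    """NAC-style view: the (host, port) pairs this user's roles entitle them to reach.

    Read and change on the same resource map to the same endpoint, so the
    result is de-duplicated and sorted for deterministic output.
    """
    endpoints = {RESOURCE_ENDPOINTS[res] for res, _ in permissions_for(user)
                 if res in RESOURCE_ENDPOINTS}
    return sorted(endpoints)


if __name__ == "__main__":
    for user in USER_ROLES:
        print(user, sorted(expand_roles(USER_ROLES[user])), network_rules_for(user))
    print("bob may change firewall:", is_permitted("bob", "firewall", "change"))
```

Two design points matter for defense in depth: the decision function never consults the user table for permissions, only for roles, so a privilege review is a review of role definitions rather than of every account; and an unknown user or unknown role yields an empty permission set, so a typo or a stale assignment fails closed instead of open.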