Student Projects

SANS Technology Institute - The most advanced technical hands on security training on the planet and a master's in information security degree program. Apply today! Click Here »

Students seeking a Master of Science in Information Security write white papers on various computer security topics. Student papers are posted here as a resource for the community.

2011
Title Author Month Files
Security Controls Implementation Plan John Hally, Erik Couture Aug View White Paper - PDF (280 KB)
View Presentation with Notes - PDF (215 KB)
View Project Plan - PDF (72 KB)
Assessing Outbound Traffic to Uncover Advanced Persistent Threat Beth E. Binde, Russ McRee, Terrence J. O'Connor May View White Paper - PDF (1.10 MB)
View Intrusion Detection FAQ - PDF (41 KB)
View Presentation - PDF (950 KB)
View Project Plan Part 1 - XLS (33 KB)
View Project Plan Part 2 - PDF (1.1 MB)
Web Application Security Assessment Policy John Hally Feb View Slides - PDF (2.0 MB)
View Report - PDF (57 KB)
Password Policy John Hally Feb View Slides - PDF (111 KB)
View Report - PDF (127 KB)
Assessing Privacy Risks from Flash Cookies Stacy Jordan and Kevin Fuller Feb View Report - DOCX (7.3MB)
View Slides with Notes - PPTX (1.2MB)
View Project Plan - DOCX (25.4KB)
Top of page
2010
Title Author Month Files
The Rapid Implementation of IPv6 at GIAC Enterprises

Parenthetical: Students were given the assignment and delivered the presentation 24 hours later in a manner understandable by a Chief Information Officer

View Summary
Assignment Summary

One night, you get a phone call from your IT staff: The connection with one of the plants has been down and they can't get it back. They went over the basic trouble shooting checklist but can't figure it out. You do your own checks from home, and find out that the host name you use to connect to the plant no longer resolves to an IPv4 "A" record, but instead an IPv6 "AAAA" record. The CIO wants You to "fix it." Without the direct link, the company may end up with bad inventory readings and lose a lot of money during the holiday season. He asks you to come up with a plan to connect your ERP web service to the Chinese plant via IPv6 that can be implemented in a week or less. The plan needs to be ready tomorrow so he can sign off on it. You are so far not ready for IPv6, have no IPv6 allocation, and have no idea what part of your network can handle IPv6 traffic. Prepare a plan and have it ready to present to the CIO and CEO by tomorrow.

 Stacy Jordan, Beth Binde, Glen Roberts Dec View Report - PDF (656KB)
View Slides - PDF (3.4MB)
Working from Home: Issues and Strategies

Parenthetical: Students were given the assignment and delivered the presentation 24 hours later in a manner understandable by a Chief Information Officer

View Summary
Assignment Summary

The CIO calls you in one night for a special tiger team project. The IT strategic planning committee has decided to embark on a bold initiative: in the next generation of database they intend to transition from a relational database to a temporal XML data model. Since the data center is maxed out, the plan is to retire the current relational database system and store the company's operational data (customer lists, invoices, etc.) in the new database as well as the fortunes. The CIO is excited because he believes this is an opportunity to improve the performance of the GIAC Enterprises DLP solution.

 Jerome Radcliffe Nov View Report - PDF (119KB)
The Half-Life of Information at GIAC Enterprises Charlie Scott & Stephen Strom Nov View Report - PDF (426 KB)
View Slides - PDF (291 KB)
Psychology for Security Awareness Ahmed Abdel-Aziz Sep View Report - PDF (673KB)
Joint Written Project- What's in the data bucket? Event Correlation and SIEM Vendor Approaches Brough Davis, Jim Horwath, John Zabiuk Jul View Report - PDF (4.8MB)
View Slides with Notes - PPT (215KB)
View Project Plan - DOC (92KB)
View Press Release - DOC (30KB)
Group Discussion and Written Project - Is GIAC Enterprises' cryptography strong enough to protect our information? Robert Comella, Brough Davis Jun View Report - DOC (198KB)
View Slides - PDF (132KB)
Group Discussion and Written Project- Design Phase One of an iPhone Rollout Mark Baggett, Jim Horwath Jun View Report - PDF (1MB)
View Slides - PPT (992KB)
View Report - PDF (1MB)
Remote Access Tools Policy John Jarocki May View Policy - PDF (76KB)
View Slides with Notes - PPTX (200KB)
Security Awareness: Many Audiences, Many Messages Rob VandenBrink Apr View Slides with Notes - PDF (2MB)
View Report - PDF (326KB)
View Poster - PDF (87KB)
Group Discussion and Written Project - GSM Risks and Countermeasures Greg Farnham, Kevin Fuller Apr View Report - PDF (141KB)
Visitor and Contractor Access Policy Rob VandenBrink Apr View Poster - PDF (566KB)
View Policy - PDF (104KB)
How to Review and Assess Information Security Policy: The Six-Step Process Ahmed Abdel-Aziz Feb View Report - PDF (319KB)
Top of page
2009
Title Author Month Files
SQL Injection in Microsoft Environments Jim Beechey Dec View Report - PDF (387KB)
Digital Acceptance Policy Charlie Scott Oct View Policy - PDF (115KB)
View Slides - PDF (82KB)
Protecting Your Business from Online Banking Fraud Robert Comella, Greg Farnham, John Jarocki Oct View Report - PDF (3MBB)
View Slides - PDF (689KB)
View Press Release - PDF (689KB)
View Project Plan - PDF (1MB)
Digitally Sign Your Emails Charlie Scott Oct View Slides - PDF (2.34MB)
View Poster - PDF (493KB)
DownAdUp / Conficker Incident Jim McMillan and Rob VandenBrink Sep View Report - PDF (480KB)
View Slides - PDF (526KB)
View Project Plan - PDF (47KB)
End User Encryption Key Protection Rick D. Smith Aug View Poster - PDF (207KB)
View Policy - PDF (92KB)
Social Engineering Awareness: Employee Front Desk Communication and Awareness Emilio Valente Aug View Poster - PDF (175KB)
View Policy - PDF (72KB)
Computer Disaster Recovery Plan Robert Comella Jul View Poster - PDF (3.76MB)
View Policy - PDF (46KB)
Communications Equipment Security Manuel Humberto Santander Pelaez Jul View Poster - PDF (83KB)
View Policy - PDF (40KB)
When was your last backup? Robert Comella Jun View Poster - PDF (912KB)
View Poster - PDF (912KB)
View Presentation Slides - PDF (720KB)
Survey for the First Company using Virtual Desktop Infrastructure (VDI) Tim Proffitt and Emilio Valente Jun View Survey 1 - PDF (54KB)
View Survey 2 - PDF (51KB)
Virtual Desktop Infrastructure (VDI) Emilio Valente and Tim Proffitt Jun View Slides - PDF (156KB)
View Checklist - PDF (61KB)
Is Virtual Desktop Infrastructure (VDI) Right for Me? Tim Proffitt and Emilio Valente Jun View Report - PDF (101KB)
Planned and Unplanned Outages James Voorhees May View Policy - DOC (36KB)
Notifying the Enterprise about Outages James Voorhees May View Slides - PPT (84KB)
Patch Management Brad Ruppert May View Policy - DOC (60KB)
View Poster - JPG (340KB)
Web Application Firewalls: Defense in Depth for Your Web Infrastructure Jim Beechey Apr View Report - DOC (68KB)
Book Summary: Mastering Web Services Security by Bret Hartman, Donald J. Flinn, Konstantin Beznosov, Shirley Kawamoto Brad Ruppert Apr View Report - DOC (40KB)
Downadup Incident - GIAC Enterprises - Report Tim Proffitt, Seth Misenar, John Jarocki Mar View Report - PDF (184KB)
Malware Detection/Prevention - GIAC Enterprises - Slides John Jarocki, Seth Misenar, Tim Proffitt Mar View Slides with Notes - PPT (172KB)
Top of page
2008
Title Author Month Files
Book Review: Web Security, Privacy & Commerce, 2nd Edition, by Simson Garfinkel and Gene Spafford Mason Pokladnik Nov View Report - DOC (44KB)
Technology Equipment Disposal Jim Beechey Oct View Poster - PDF (118KB)
View Policy - DOC (32KB)
GIAC Enterprises Desktop Protection Jim Beechey and Emilio Valente Sep View Report - DOC (100KB)
View Slides with Notes - PPT (760KB)
Clean Desk Tim Proffitt Aug View Policy - DOC (32KB)
View Poster - PDF (376KB)
Source Code Disclaimer Jay Radcliffe Aug View Policy - DOC (52KB)
View Poster - PDF (68KB)
Why Do You Audit? - Report Mason Pokladnik Jun View Report - DOC (52KB)
Data Retention & Cost Effective Data Loss Prevention Techniques Eric Conrad, Mason Pokladnik, Manuel Santander Apr View Report - PDF (424KB)
View Slides - PDF (204KB)
Mobile Device Encryption - Lost Laptops - Poster Eric Conrad Mar View Poster - DOC (490KB)
Mobile Device Encryption - Policy Eric Conrad Mar View Policy - DOC (48KB)
Workstation Security Russell Meyer Feb View Policy - DOC (52KB)
View Poster - DOC (1.1MB)
Top of page
2007
Title Author Month Files
Responsible Web Use - Poster Kevin Bong Nov View Poster - PDF (76KB)
Employee Internet Use Monitoring and Filtering Policy - Report Kevin Bong Nov View Report - PDF (80KB)
Software Installation Policy John Brozycki Nov View Project Poster - PDF (868KB)
View Project Report - PDF (16KB)
eDiscovery - Data Classification, Retention, and Litigation Policies and Procedures - Report Russell Meyer and Brad Ruppert Sep View Project - PDF (108KB)
RBAC Defense in Depth for GIAC Enterprises - Report Russell Meyer and Brad Ruppert Sep View Project Report - DOC (2.7MB)
View Project Slides - PPT (140KB)
UTM (Unified Threat Management) - Validating a UTM Device Manuel Santander and Mason Pokladnik Sep View Project - DOC (1MB)
Perimeter Convergence - Project Plan and Design Manuel Santander and Mason Pokladnik Sep View Project - DOC (143KB)
eDiscovery Policies and Procedures - Slides Brad Ruppert and Russell Meyer Sep View Project - PPT (268KB)
View Project - PPT (268KB)
GIAC Enterprises Network Deployment, Phase 1: The Perimeter Rodney Caudle, Jay Radcliffe, Jim Voorhees Jul View Project Report - DOC (252KB)
View Project Slides - PPT (320KB)
Web Application Security Implementation Kevin Bong and John Brozycki Jul View Project - PPT (136KB)
Managing Large Botnets Kevin Bong and John Brozycki Apr View Project - DOC (1.6MB)
Top of page
2006
Title Author Month Files
Mobile Encryption Rick Wanner and Rick Smith Dec View Project Report - PDF (172KB)
View Project Slides - PPT (96KB)
Server Malware Protection Policy Brian Granier Nov View Project - PDF (24KB)
Not Everything is as it Seems - Poster Brian Granier Nov View Project - PDF (288KB)
How to Use Windows Security Auditing Tools Project Plan Rodney Caudle, Eric Conrad, James Voorhees Sep View Project Plan - DOC (708KB)
View Slides - PPT (576KB)
Defense-in-Depth - What Is It? Peter Leight and Richard Hammer Aug View Project Report - DOC (340KB)
View Project Slides - PPT (188KB)
Role-Based Access Control (RBAC) Approach for Defense-in-Depth Peter Leight and Richard Hammer Aug View Project Report - DOC (2MB)
View Project Slides - PPT (148KB)
Trusted Platform Module (TPM) - Report Peter Leight and Richard Hammer Jun View Project Report - DOC (60KB)
Trusted Platform Module (TPM) - Slides Peter Leight and Richard Hammer May View Project Slides - PPT (88KB)
Top of page
SANS 2012 - Orlando

Featured Research

Student Presentations

Expanding Response: Deeper Analysis for Incident Handlers
By Russ McRee | Nov 2011 | 622 KB

Detecting and Responding to Data Link Layer Attacks with Scapy
By TJ O'Connor | Sep 2011 | 2.44 MB

Scoping Security Assessments: A Project Management Approach
By Ahmed Abdel-Aziz | Sep 2011 | 387 KB

View More Student Presentations »

Featured Student/Alumni

Erik Couture Alumn

Erik Couture

Erik Couture is a Major in the Signals Corps of the Canadian Army, where he has served in a wide breadth of roles over the past nine years. He is experienced in networks and IT, satellite and tactical communications, and electronic warfare. He has been deployed to Afghanistan on two occasions in support of the coalition mission.

Click here to read more »

 

Internet Storm Center

View our Site Directory

Contact Us

Phone: (720) 941-4932
Questions: info@sans.edu
Web: webmaster@sans.edu

"SANS is a 'giving back to the community factory.' SANS encourages and fosters growing security awareness and growing the security community."
- Rob VandenBrink, Alumni of SANS Technology Institute

"The experiences gained in the SANS Technology Institute program have helped me advance in IBM, taking a more public facing role. "
- Jerome Radcliffe, SANS Technology Institute Student