Student Projects

Student Projects

All individuals accepted into the SANS Technology Institute are provided with the opportunity to be a published prestigious researcher and author for our security college. Apply today! Click Here »

Students seeking a Master of Science in Information Security write white papers on various computer security topics. Student papers are posted here as a resource for the community.

2012
Title Author Month Files
Social Networking Policy Rick Wanner Sep View Policy - PDF (102 KB)
View Poster - JPG (336 KB)
Vulnerability Assessment Policy Rick Wanner Sep View Policy - PDF (90 KB)
View Poster - JPG (385 KB)
Jumpstart a Web Application Secure Coding Program: A Five Step Process Jim Beechey Aug View Paper - PDF (180 KB)
Plan to Implement Awareness Aron Warren Jul View Steering Committee Matrix - PDF (45 KB)
View Stake Holder Matrix - PDF (49 KB)
View Security Awareness Survey - PDF (102 KB)
View Project Charter - PDF (90 KB)
View Learning Objectives - PDF (123 KB)
View Execution Plan - PDF (184 KB)
Server Audit Policy Russell Eubanks Feb Server Audit Policy - DOC (41 KB)
Server Audit Policy Poster - JPG (795 KB)
Audit Vulnerability Scan Policy Poster - JPG (487 KB)
Incorporating and Automating Critical Control 19: Secure Network Engineering for Next Generation Data Center Networks Aron Warren, George Khalil, Michael Hoehl Feb View White Paper - DOC (6.8 MB)
View Presentation - PPT (534 KB)
View Project Plan - XLS (37 KB)
View Project Charter - DOC (86 KB)
Automating Crosswalk between SP 800, the 20 Critical Controls, and the Australian Government Defence Signals Directorate's 35 Mitigating Strategies Ahmed Abdel-Aziz, Robert Sorensen Feb View White Paper - DOC (1.9 MB)
View Presentation - PPT (1.5 MB)
View Project Plan - XLSX (12 KB)
View WBS - PDF (45 KB)
View Dashboard - PNG (147 KB)
View Tasks - PNG (102 KB)
View Gantt View - PNG (90 KB)
View Milestones - PNG (45 KB)
View Tasks - PNG (102 KB)
View Press Release - DOC (33 KB)
Top
2011
Title Author Month Files
Creating a No Phishing Zone Russell Eubanks, Tsega Thompson Dec View White Paper - DOC (868 KB)
View Presentation - PPTX (172 KB)
View Project Plan - XLSX (29 KB)
Establishing a Security Metrics Program Chris I. Cain, Erik Couture Sep View White Paper - DOC (139 KB)
View Presentation - PPT (918 KB)
View Annex A Dashboard - XLS (127 KB)
View Project Plan - PDF (147 KB)
View Project Plan Appendix 1 - PDF (61 KB)
View Project Plan Appendix 2 - PDF (82 KB)
View Press Release - DOCX (16 KB)
Security Controls Implementation Plan John Hally, Erik Couture Aug View White Paper - PDF (280 KB)
View Presentation with Notes - PDF (215 KB)
View Project Plan - PDF (72 KB)
Assessing Outbound Traffic to Uncover Advanced Persistent Threat Beth E. Binde, Russ McRee, Terrence J. O'Connor May View White Paper - PDF (1.10 MB)
View Intrusion Detection FAQ - PDF (41 KB)
View Presentation - PDF (950 KB)
View Project Plan Part 1 - XLS (33 KB)
View Project Plan Part 2 - PDF (1.1 MB)
Web Application Security Assessment Policy John Hally Feb View Slides - PDF (2.0 MB)
View Report - PDF (57 KB)
Password Policy John Hally Feb View Slides - PDF (111 KB)
View Report - PDF (127 KB)
Assessing Privacy Risks from Flash Cookies Stacy Jordan and Kevin Fuller Feb View Report - DOCX (7.3MB)
View Slides with Notes - PPTX (1.2MB)
View Project Plan - DOCX (25.4KB)
Top
2010
Title Author Month Files
The Rapid Implementation of IPv6 at GIAC Enterprises

Parenthetical: Students were given the assignment and delivered the presentation 24 hourslater in a manner understandable by a Chief Information Officer

View Summary
Assignment Summary

One night, you get a phone call from your IT staff: The connection with one of the plants has been down and they can'tget it back. They went over the basic trouble shooting checklist but can't figure it out. You do your own checks from home, and find out that the hostname you use to connect to the plant no longer resolves to an IPv4 "A" record, but instead an IPv6 "AAAA" record. The CIO wants You to "fix it."Without the direct link, the company may end up with bad inventory readings and lose a lot of money during the holiday season. He asks you to come upwith a plan to connect your ERP web service to the Chinese plant via IPv6 that can be implemented in a week or less. The plan needs to be readytomorrow so he can sign off on it. You are so far not ready for IPv6, have no IPv6 allocation, and have no idea what part of your network can handleIPv6 traffic. Prepare a plan and have it ready to present to the CIO and CEO by tomorrow.

 Stacy Jordan, Beth Binde, Glen Roberts Dec View Report - PDF (656KB)
View Slides - PDF (3.4MB)
Working from Home: Issues and Strategies

Parenthetical: Students were given the assignment and delivered the presentation 24 hourslater in a manner understandable by a Chief Information Officer

View Summary
Assignment Summary

The CIO calls you in one night for a special tiger team project. The IT strategic planning committee has decided toembark on a bold initiative: in the next generation of database they intend to transition from a relational database to a temporal XML data model. Sincethe data center is maxed out, the plan is to retire the current relational database system and store the company's operational data (customer lists, invoices, etc.) in the new database as well as the fortunes. The CIO isexcited because he believes this is an opportunity to improve the performance of the GIAC Enterprises DLP solution.

 Jerome Radcliffe Nov View Report - PDF (119KB)
The Half-Life of Information at GIAC Enterprises Charlie Scott & Stephen Strom Nov View Report - PDF (426 KB)
View Slides - PDF (291 KB)
Psychology for Security Awareness Ahmed Abdel-Aziz Sep View Report - PDF (673KB)
Joint Written Project- What's in the data bucket? Event Correlation and SIEM Vendor Approaches Brough Davis, Jim Horwath, John Zabiuk Jul View Report - PDF (4.8MB)
View Slides with Notes - PPT (215KB)
View Project Plan - DOC (92KB)
View Press Release - DOC (30KB)
Group Discussion and Written Project - Is GIAC Enterprises' cryptography strong enough to protect our information? Robert Comella, Brough Davis Jun View Report - DOC (198KB)
View Slides - PDF (132KB)
Group Discussion and Written Project- Design Phase One of an iPhone Rollout Mark Baggett, Jim Horwath Jun View Report - PDF (1MB)
View Slides - PPT (992KB)
View Report - PDF (1MB)
Remote Access Tools Policy John Jarocki May View Policy - PDF (76KB)
View Slides with Notes - PPTX (200KB)
Security Awareness: Many Audiences, Many Messages Rob VandenBrink Apr View Slides with Notes - PDF (2MB)
View Report - PDF (326KB)
View Poster - PDF (87KB)
Group Discussion and Written Project - GSM Risks and Countermeasures Greg Farnham, Kevin Fuller Apr View Report - PDF (141KB)
Visitor and Contractor Access Policy Rob VandenBrink Apr View Poster - PDF (566KB)
View Policy - PDF (104KB)
How to Review and Assess Information Security Policy: The Six-Step Process Ahmed Abdel-Aziz Feb View Report - PDF (319KB)
Top
2009
Title Author Month Files
SQL Injection in Microsoft Environments Jim Beechey Dec View Report - PDF (387KB)
Digital Acceptance Policy Charlie Scott Oct View Policy - PDF (115KB)
View Slides - PDF (82KB)
Protecting Your Business from Online Banking Fraud Robert Comella, Greg Farnham, John Jarocki Oct View Report - PDF (3MBB)
View Slides - PDF (689KB)
View Press Release - PDF (689KB)
View Project Plan - PDF (1MB)
Digitally Sign Your Emails Charlie Scott Oct View Slides - PDF (2.34MB)
View Poster - PDF (493KB)
DownAdUp / Conficker Incident Jim McMillan and Rob VandenBrink Sep View Report - PDF (480KB)
View Slides - PDF (526KB)
View Project Plan - PDF (47KB)
End User Encryption Key Protection Rick D. Smith Aug View Poster - PDF (207KB)
View Policy - PDF (92KB)
Social Engineering Awareness: Employee Front Desk Communication and Awareness Emilio Valente Aug View Poster - PDF (175KB)
View Policy - PDF (72KB)
Computer Disaster Recovery Plan Robert Comella Jul View Poster - PDF (3.76MB)
View Policy - PDF (46KB)
Communications Equipment Security Manuel Humberto Santander Pelaez Jul View Poster - PDF (83KB)
View Policy - PDF (40KB)
When was your last backup? Robert Comella Jun View Poster - PDF (912KB)
View Poster - PDF (912KB)
View Presentation Slides - PDF (720KB)
Survey for the First Company using Virtual Desktop Infrastructure (VDI) Tim Proffitt and Emilio Valente Jun View Survey 1 - PDF (54KB)
View Survey 2 - PDF (51KB)
Virtual Desktop Infrastructure (VDI) Emilio Valente and Tim Proffitt Jun View Slides - PDF (156KB)
View Checklist - PDF (61KB)
Is Virtual Desktop Infrastructure (VDI) Right for Me? Tim Proffitt and Emilio Valente Jun View Report - PDF (101KB)
Planned and Unplanned Outages James Voorhees May View Policy - DOC (36KB)
Notifying the Enterprise about Outages James Voorhees May View Slides - PPT (84KB)
Patch Management Brad Ruppert May View Policy - DOC (60KB)
View Poster - JPG (340KB)
Web Application Firewalls: Defense in Depth for Your Web Infrastructure Jim Beechey Apr View Report - DOC (68KB)
Book Summary: Mastering Web Services Security by Bret Hartman, Donald J. Flinn, Konstantin Beznosov, Shirley Kawamoto Brad Ruppert Apr View Report - DOC (40KB)
Downadup Incident - GIAC Enterprises - Report Tim Proffitt, Seth Misenar, John Jarocki Mar View Report - PDF (184KB)
Malware Detection/Prevention - GIAC Enterprises - Slides John Jarocki, Seth Misenar, Tim Proffitt Mar View Slides with Notes - PPT (172KB)
Top
2008
Title Author Month Files
Book Review: Web Security, Privacy & Commerce, 2nd Edition, by Simson Garfinkel and Gene Spafford Mason Pokladnik Nov View Report - DOC (44KB)
Technology Equipment Disposal Jim Beechey Oct View Poster - PDF (118KB)
View Policy - DOC (32KB)
GIAC Enterprises Desktop Protection Jim Beechey and Emilio Valente Sep View Report - DOC (100KB)
View Slides with Notes - PPT (760KB)
Clean Desk Tim Proffitt Aug View Policy - DOC (32KB)
View Poster - PDF (376KB)
Source Code Disclaimer Jay Radcliffe Aug View Policy - DOC (52KB)
View Poster - PDF (68KB)
Why Do You Audit? - Report Mason Pokladnik Jun View Report - DOC (52KB)
Data Retention & Cost Effective Data Loss Prevention Techniques Eric Conrad, Mason Pokladnik, Manuel Santander Apr View Report - PDF (424KB)
View Slides - PDF (204KB)
Mobile Device Encryption - Lost Laptops - Poster Eric Conrad Mar View Poster - DOC (490KB)
Mobile Device Encryption - Policy Eric Conrad Mar View Policy - DOC (48KB)
Workstation Security Russell Meyer Feb View Policy - DOC (52KB)
View Poster - DOC (1.1MB)
Top
2007
Title Author Month Files
Responsible Web Use - Poster Kevin Bong Nov View Poster - PDF (76KB)
Employee Internet Use Monitoring and Filtering Policy - Report Kevin Bong Nov View Report - PDF (80KB)
Software Installation Policy John Brozycki Nov View Project Poster - PDF (868KB)
View Project Report - PDF (16KB)
eDiscovery - Data Classification, Retention, and Litigation Policies and Procedures - Report Russell Meyer and Brad Ruppert Sep View Project - PDF (108KB)
RBAC Defense in Depth for GIAC Enterprises - Report Russell Meyer and Brad Ruppert Sep View Project Report - DOC (2.7MB)
View Project Slides - PPT (140KB)
UTM (Unified Threat Management) - Validating a UTM Device Manuel Santander and Mason Pokladnik Sep View Project - DOC (1MB)
Perimeter Convergence - Project Plan and Design Manuel Santander and Mason Pokladnik Sep View Project - DOC (143KB)
eDiscovery Policies and Procedures - Slides Brad Ruppert and Russell Meyer Sep View Project - PPT (268KB)
View Project - PPT (268KB)
GIAC Enterprises Network Deployment, Phase 1: The Perimeter Rodney Caudle, Jay Radcliffe, Jim Voorhees Jul View Project Report - DOC (252KB)
View Project Slides - PPT (320KB)
Web Application Security Implementation Kevin Bong and John Brozycki Jul View Project - PPT (136KB)
Managing Large Botnets Kevin Bong and John Brozycki Apr View Project - DOC (1.6MB)
Top
2006
Title Author Month Files
Mobile Encryption Rick Wanner and Rick Smith Dec View Project Report - PDF (172KB)
View Project Slides - PPT (96KB)
Server Malware Protection Policy Brian Granier Nov View Project - PDF (24KB)
Not Everything is as it Seems - Poster Brian Granier Nov View Project - PDF (288KB)
How to Use Windows Security Auditing Tools Project Plan Rodney Caudle, Eric Conrad, James Voorhees Sep View Project Plan - DOC (708KB)
View Slides - PPT (576KB)
Defense-in-Depth - What Is It? Peter Leight and Richard Hammer Aug View Project Report - DOC (340KB)
View Project Slides - PPT (188KB)
Role-Based Access Control (RBAC) Approach for Defense-in-Depth Peter Leight and Richard Hammer Aug View Project Report - DOC (2MB)
View Project Slides - PPT (148KB)
Trusted Platform Module (TPM) - Report Peter Leight and Richard Hammer Jun View Project Report - DOC (60KB)
Trusted Platform Module (TPM) - Slides Peter Leight and Richard Hammer May View Project Slides - PPT (88KB)
Top
 
SANS Technology Institute
Featured Research

Social Networking Policy
By Rick Wanner | Sep 2012 | 102 KB

Vulnerability Assessment Policy
By Rick Wanner | Sep 2012 | 90 KB

Diskless Cluster Computing: Security Benefit of oneSIS and Git
By Aron Warren | Sep 2012 | 401 KB

View More Student Presentations / Projects

Featured Student/Alumni
Russell Eubanks
Russell Eubanks

Russell Eubanks leads the Security Architecture, Risk and Compliance teams at Cox Communications. He has developed information security programs from the ground up and actively seeks opportunities to measurably increase their overall security posture. Read More

 

Internet Storm Center

View our Site Directory

Contact Us

Phone: 855-6-SANS-ED (855-672-6733)
Questions: info@sans.edu
Web: webmaster@sans.edu

After starting the program, I was promoted to Information Security Officer. I believe my involvement in the program was a contributing factor in that happening. - John Brozycki, Alumni of SANS Technology Institute

The experiences gained in the SANS Technology Institute program have helped me advance in IBM, taking a more public facing role. - Jerome Radcliffe, SANS Technology Institute Student