SANS Technology Institute: Security Laboratory
Welcome to the Security Laboratory. I'm Stephen Northcutt and like many of you I am a manager and leader with an information technology job. At the SANS Technology Institute, we are always striving to become more skilled and knowledgeable in computer security as well as the people side of the job. The "Security Labratory", for you creative spellers, is an informal set of articles and whitepapers, almost a blog, about security, information technology, and the computer security industry. As we learn more, ponder issues and research content for SANS Security 401 Security Essentials and the GIAC Security Essentials Certification, we will continue to add to this site. Our hope is for this to be a resource for the community and we would love to hear from you. Feel free to drop us a note at stephen@sans.edu.
Click here to subscribe to the Security Laboratory Article Feed
- Security Laboratory: Wireless Security
This series covers wireless security. We will post papers on the latest threats as well as fundamental tutorial information you need to design and pen test a wireless network.
Hardware Hacking: Linksys WRT54G - December 28th, 2007
By Stephen Northcutt
We recently did a book review of Paul Asadoorian and Larry Pesce's Linksys WRT54G: Ultimate Hacking and we were so intrigued with the work they did, we asked Paul to participate in an interview for the Security Lab.
An Interview with Joshua Wright - September 25th, 2007
By Stephen Northcutt
Josh Wright discusses recent trends in attacks on systems utilizing wireless technology, as well as what can be done to assess vulnerabilities and minimize security risks for wireless devices.
Dispelling Common Bluetooth Misconceptions - September 19th, 2007
By Joshua Wright
This whitepaper will dispel several common misconceptions regarding Bluetooth technology, allowing organizations to better assess their exposure to Bluetooth threats.
Wireless Security Training and Pen Testing Tutorial - Framing Part 1 - September 6th, 2007
By Joshua Wright
In this training tutorial Joshua Wright begins the discussion on wireless Framing, covering the Frame Control Field, with particular attention to the To and From DS, and ends with the Duration/ID field.
Wireless Security Training and Pen Testing Tutorial: Infrastructure - August 31st, 2007
By Joshua Wright
You can't do a pen test of a wireless network without understanding how wireless works. In this training tutorial, Joshua Wright discusses the wireless MAC Layer and Authentication and Association, and he introduces the concept of Framing.
Five Wireless Threats You May Not Know - Updated September 5th, 2007
By Joshua Wright
Attackers have found new avenues to take advantage of weaknesses in wireless networks that, in most cases, have yet to be addressed by organizations. The wireless security market has matured significantly in the past several years, but still many organizations remain vulnerable to attacks, either through legacy protocols with well-published deficiencies, or through new threats that are not adequately addressed.
