ISW Security Papers Contest
Security Tools
Title Contributor Date Description Rating
Five Mistakes of Data Encryption Anton Chuvakin 23/04/07 This paper, written by Anton Chuvakin, covers some of the other mistakes that often occur when organizations try to use encryption to protect data-at-rest and data-in-transit and thus improve their security posture. 7
A practical approach for defeating Nmap OS-Fingerprinting David Barroso Berrueta 12/03/03 Some security tools have been developed to fool Nmap's OS fingerprinting. This paper describes different solutions to defeat Nmap and behave like another chosen operating system, as well as a demonstration of how this can be accomplished. 8
Using LANguard S.E.L.M. to detect intruders on your server GFI Software Ltd 07/10/02 Describing the tools used by hackers to gain backdoor access to your IIS web servers, this paper details the necessary steps to detect successful intrusions on your network and explains how to prevent such attacks on your web server. 7
Pod Slurping – An Easy Technique for Stealing Data GFI Software Ltd 22/09/06 In this white paper, submitted by GFI, they explore how the uncontrolled use of portable storage devices such as iPods, USB sticks, flash drives and PDAs, coupled with data theft techniques such as 'pod slurping', can lead to major security breaches. 1
The Increasing Risks of Internet Computing Greg Greer 15/07/04 Traditional Web filtering solutions are becoming increasingly insufficient for organizations. This paper looks at the resulting consequences - excessive nonproductive Web surfing, i.e. losses in productivity, potential exposure to security breaches, legal liability etc. – and also introduces a Cerberian Web Manager solution. No votes
Vendor Analysis: Kaspersky Anti-Virus Products Examined Laura Taylor 23/03/03 Kaspersky Labs has successfully branded itself as a leader in multi-platform anti-virus products. Though many IT decision makers neglect to protect their UNIX systems from viruses, research done by Kaspersky Labs indicates that Linux may be just as prone to viruses as Microsoft operating systems. 10
The CyberAngel: Laptop Recovery and File Encryption All-In-One Laura Taylor 21/11/03 The CyberAngel is a product that claims to locate stolen laptops and return them to you. In this review, Laura Taylor looks at the installation and features. 4
NMAP Grepable Output MadHat 24/12/03 This output places all results for a single host on a single line, making it easier to use with other command line tools and scripting. This format is not well documented and therefore not well understood. 9
Employing Disinformation Security™ to Protect Corporate Networks with NetBait™ NetBait Inc 25/09/03 NetBait™ acts as an additional layer of defense, diverting intruders from your real systems and directing them to controlled pseudo-networks. NetBait creates these environments by projecting a diversionary picture...real network nodes surrounded by multiples of 'fake' NetBait Nodes or 'targets'. 9
Driftnet on WEPed wireless networks HOWTO Robert Timko 18/08/03 Driftnet is a nifty little application for Linux that reconstructs image files in a data stream (from a sniffer, etc.) and displays them on a screen. This how-to deals with putting up a version of Driftnet that not only works on wireless, but works also with dumpfiles. 8
MSNPawn - Footprinting, Profiling & Assessment with MSN Search Shreeraj Shah 19/01/06 Shreeraj Shah has updated an older contribution that describes some of the queries that can be run against SEARCH.MSN in order to fetch important information that would eventually help in web application assessment as well as a tool he has developed to assist in this process. 8
Nessus & NMAP CheatSheet skill2die4 17/09/04 A contribution for those who need a reference! Great guide to print out and keep at your side when auditing. 8
Nessus scanning on Windows Domain Sunil Vakharia 17/11/03 Using Nessus to scan Windows networks and various scenarios one might encounter. Topics covered include: Part I: Scan Types e.g. Default scan; Nessus scan with admin rights; Nessus scan with access to registry, etc. Part II: Configuration issues e.g. Configuration on Nessus' end; Configuration on target's end; Why not use Administrator accounts and more. 4
Security Tools - Community Contributions
Title Contributor Date Description Rating
Preparing for Security Event Management 360is 26/03/07 In this paper, submitted by Nick Hutton of 360is, we learn how to mitigate some of the risks and reduce the costs associated with implementation of Security Event Management systems, arguably among the most complex and highest profile information security projects undertaken today. 9
Plug-ins - a source of insecurity Alice Pierce 09/12/05 Alice Pierce of LockLizard submits this paper which examines and questions the claims often made by plug-in suppliers that they are secure, giving published examples of where they are not. 2
Encryption is not enough for DRM Alice Pierce 09/12/05 This paper, submitted by Alice Pierce of LockLizard, covers why encryption is not enough to protect your electronic documents and why other factors such as the implementation of the system are equally important. 7
Elliptic Curve Cryptography Anoop MS 05/01/07 This paper, written by Anoop MS, gives an introduction to elliptic curve cryptography (ECC) and how it is used in the implementation of digital signature (ECDSA) and key agreement (ECDH) Algorithms. He also discusses the implementation of ECC on two finite fields, prime field and binary field. This paper also gives an overview of ECC implementation on different coordinate systems called the projective coordinate systems and the basics of prime and binary field arithmetic. 9
Public Key Cryptography Anoop MS 23/05/07 The paper, submitted by Anoop MS, discusses public key cryptography and its use in applications such as Key Agreement, Data Encryption and Digital Signature. The paper discusses some public key algorithms such as DH, RSA, DSA, ECDH and ECDSA and also gives mathematical explanations on the working of these algorithms. The paper also gives a brief introduction to modular arithmetic, which is the core arithmetic of almost all public key algorithms. 10
Phoenix: Secure File Transfer Using SSL Arjun Venkatraman 31/08/05 Arjun Venkatraman submits this paper on the inner workings of using Phoenix. 9
QuickSilver: Root Password Rotation as a security measure for Small/Medium Scale LANs Arjun Venkatraman 07/09/05 Password rotation scheme submitted by Arjun Venkatraman, ideal for small to medium sized businesses. No votes
Enterprise Rights Management (ERM): Architectural Approaches Avoco Secure 29/01/07 This document compares the architectural approaches to implementing an effective enterprise rights management (ERM) system, namely tethered and untethered models. The document attempts to explore the advantages and disadvantages of both approaches and the impact the two models have on a corporate installation of such a system. 10
Netcat for the Masses Dean De Beer 30/07/07 Dean DeBeer submits this paper on usage of the swiss army knife of technology, Netcat. No votes
Computer snooping using InstallRite Floydman 06/09/02 Using the InstallRite software as a monitoring/logging tool. 10
Software deployment that makes sense Floydman 06/09/02 Using the InstallRite software as originally intended: to monitor software installation. 10
Log Agent, log file recollection tool Floydman 06/09/02 A PERL tool (source code included) for log processing on an NT network. 6
A Comparison of VNC Connection Methods Frank Isaacs 30/04/08 This paper, written by Frank Isaacs, discusses different methods of deploying VNC with an emphasis on the security considerations of each method, and the tradeoffs associated with the convenience of each method. 5
Internet Monitoring Software Gordon Giles 15/12/05 Gordon Giles contributes this study on tools to help monitor and enforce acceptable use of the Internet. 6
Using Virtual Machines to Provide a Secure Teaching Lab Environment Harry Bulbrook 28/04/06 This paper, written by Harry Bulbrook, discusses using VMWare to set up a lab in which to do security testing. 10
Writing NASL Scripts Hemil Shah 02/02/07 This paper, written by Hemil Shah, discusses Nessus, NASL, how to write your own NASL scripts, what applications are needed to write NASL scripts, loading NASL scripts into the Nessus server, configuration parameters used in NASL scripts, reporting techniques and a few debugging tips. 10
Did I Do That? A Current Analysis of Biometric Technologies Jalaynea A. Cooper 22/10/07 Jalaynea Cooper writes this in-depth paper that will explore some of the primary types of physiological and behavioral biometrics. 10
Validy Technology - Solution Against Software Policy and IT Sabotage Jean-Christophe Cuenod 06/02/05 Validy is a software publisher whose research and development activity began in 1991. Since its foundation, Validy has directed its research towards IT security, which has today become a crucial component in personal, infrastructure and economic security. 7
An Analysis of the IDS Penetration Tool: Metasploit Josh Marquez 09/12/10 Josh Marquez writes this introductory paper on Metasploit. 10
Why one virus engine is not enough Matthew Simiana 10/11/06 This white paper, written by Matthew Simiana, examines why having multiple anti-virus scanners at mail server level substantially reduces the chance of virus infection and explores ways in which this can be achieved. 6
Zero Configuration VPN Clients for Mobile Users Michael Underwood 22/05/06 In this paper, Michael Underwood examines three VPN services that are designed to be used at wireless hotspot for either SOHO (small office/home office) or small business users. 7
Central Authentication using RADIUS and 802.1x MOHIT SARASWAT 10/09/07 Mohit Saraswat submits this paper to help understand Radius and 802.1x, what it is, how it works and ideas towards implementing. 7
Biometrics, What and How Moustafa Kamal 16/03/07 Moustafa Kamal submits this article that attempts to cover all of the characteristics that are used in Biometrics, how they are used, and what are the disadvantages of using them. 8
About Sniffers Obscure 06/09/02 About sniffers, the good and the evil uses: definition, NIDS, monitoring, password sniffing and other malicious uses, general use, defeating sniffers 6
How to Combat Spyware in Corporate Environments Panda Software 19/09/05 A vendor contribution from Panda Soft on Spyware and how they can help defend against it. 10
Anti-Malware Perimeter Protection Panda Software 17/10/06 Panda Software submits this white paper on anti-malware security. No votes
Anti-Spam Protection in the Network Perimeter Panda Software 19/10/06 Panda Software contributes this white paper on anti-spam in the corporate enterprise. No votes
Web Content Filtering in the Corporate Network Perimeter Panda Software 21/10/06 Panda Software contributes this white paper discussing filtering web content in a corporate environment. 10
New Technology in the Armed Forces Robert Sauls 16/04/07 This is an off subject paper that I agreed to publish to give our minds a quick break from buffer overflows and Microsoft. This contribution from Robert Sauls discusses new advancements in weapons, vehicles, and other technology that the armed forces use to fight the enemy. 5
Information Security - Tools of the Trade Sajeev Nair 30/11/06 Sajeev Nair submits this paper that lists tools and their various purposes to security professionals. No votes
Smart Cards for Traveling Users Sandra Price 01/05/06 Sandra Price submits this paper on how the use of smart cards improves security for users who travel. 10
Why Passwords do not live up to Today's Needs Sandro Gauci 22/03/07 Sandro Gauci writes this introduction to proper passwords that includes ideas on how to create strong passwords and how to overcome many of the reasons users abuse proper password usage. 7
The Need for Host Intrusion Prevention Third Brigade 16/10/06 This whitepaper, submitted by Third Brigade, looks at the security challenges faced by organizations and explains how Host Intrusion Prevention (HIP) plays a critical role in an organization’s overall security strategy. 5
The New Threat: Attackers That Target Healthcare Organizations Third Brigade 18/10/06 Third Brigade submits this white paper on the new threats that face medical facilities. 10
The Four Key Qualities of Effective Host Intrusion Prevention (HIP) Solutions: Defining Deep HIP Third Brigade 20/10/06 This white paper, submitted by Third Brigade, explains what to look for in HIP products, and introduces the concept of “Deep HIP” as a means of characterizing effective solutions in this area. No votes
Web Application Security: The Overlooked Vulnerabilities Third Brigade 08/01/07 This contribution from Third Brigade discusses vulnerabilities associated with applications, types of threats, legislation and steps one can take to minimize the risk presented. No votes
Graphical Passwords Todd Exum 09/05/07 Todd Exum contributes this work which will discuss the benefits and ways in which graphical passwords can be used in the business place, to ensure that computer systems are secure. 9
Penetration Test Framework UPDATE Toggmeister 10/10/06 Lee Lawson submits this update on an excellent Penetration Test Framework. This is a must for anyone performing penetration testing!!! 9
