Community: Whitepapers

Community:

White Papers are an excellent source for information gathering, problem-solving and learning. Below is a list of White Papers written by audit practitioners seeking GSNA Gold. SANS attempts to ensure the accuracy of information, but papers are published "as is".

Errors or inconsistencies may exist or may be introduced over time. If you suspect a serious error, please contact webmaster@sans.org.

SANS IT Audit Whitepapers
Paper Author Cert
Auditing for Policy Compliance with QualysGuard and CIS Benchmarks James, Stewart GSNA
Choosing corporate level instant messaging system and implementing audit controls Niemelä, Mikko GSNA
Analyzing Enterprise PKI Deployments Goulet, Walter GSNA
Simple Windows Batch Scripting for Intrusion Discovery Proffitt, Tim GSNA
Outsourced Information Technology Environment Audit Arunanthy, Navaratnasingam GSNA
Post Acquisition Audit in 30 Days Ruppert, Brad GSNA
The Controlled Event Framework for Information Asset Security Cronin, Chris GSNA
Auditing Nokia Firewall Sokal, Richard GSNA
A Compliance Primer for IT Professionals Swift, David GSNA
A Taxonomy of Information Systems Audits, Assessments and Reviews Wright, Craig GSNA
Auditing Mac OS X Compliance with the Center for Internet Security Benchmark Using Nessus Smith, Ricky GSNA
Auditing a Corporate Log Server Meyer, Roger GSNA
Auditing User Accounts in a Windows 2000/2003 (Active Directory) Domain Clauss, Charles GSNA
Audit of a Corporate Internet Gateway Unsworth, Stuart GSNA
Securing an IBM AIX Server John, Charles GSNA
An Audit of Samba File Sharing in a Home Office Bayerkohler, Marc GSNA
Management Interface Security Audit Essentials for the 3Com Router 5000 Series McGaughey, David GSNA
Auditing for Availability: The threat of Denial of Service Soltys, John GSNA
Auditing Nokia Communicator 9500 in Enterprise Context Ong, Leonard GSNA
Sarbanes-Oxley Information Technology Compliance Audit Seider, Dan GSNA
Practical Audit of Antivirus software: How to Audit Norton 2005 Yousif, Amar GSNA
Auditing a Linux Honeyd Honeypot Cira, Hugo GSNA
Auditing an Apache Tomcat Application Server Used For Credit Card Processing Bennett, Chris GSNA
A Practical Guide to Auditing an ASP Ollinger, Johanna GSNA
Auditing SquirrelMail on Fedora Core 1 Schock, Chris GSNA
Testing a SonicWALL Plus DMZ firewall Richeson, Jeff GSNA
Security Audit of a Solaris Server Running Sun ONE Directory Server v5.2 Hlavaty, Philip GSNA
Auditing a Windows 2000 Web Server Running IIS 5.0 Savage, Britt GSNA
Baselining a Windows 2000 Professional Computer System Fanelli, Robert GSNA
Baselining a CVS Server Gautam, Hemant GSNA
Auditing with BindView bv-Control for Windows and enum Monroe, Kris GSNA
Auditing a Windows 2000 Advanced Server Hillis, William GSNA
Using RAT from CIS to Perform a Security Audit of the Configuration File of a Cisco Router at the Level-1 Benchmark Beck, Robert GSNA
Auditing The Internet Information Services (IIS) 5.0 Feature Of Windows 2000 Server Shullich, Robert GSNA
Auditing an Apache Server on a FreeBSD System Lin, Chihyao GSNA
Address Resolution Protocol Risks and Countermeasures Lee, Michael GSNA
Auditing a Systems Security Consultants Laptop Running Fedora Core 2 Martinez, Yolanda GSNA
Web Application Security Audit Aiken, Dan GSNA
Auditing the Astaro Secure Linux Firewall: An Evaluation for Commercial Use Groman, Jeff GSNA
Auditing ISS RealSecure Desktop Protector in the Enterprise Barker, Cary GSNA
Auditing the authentication process of an e-banking application Kempenaar, Laurent GSNA
Audit of a University's MySQL Server running on SuSE 8.0 Linux Crawford, Charles GSNA
Auditing with NMap, LC5, and Oracle Password Guesser Danielle, Lora GSNA
Fortigate-60 Firewall Security Audit: An Auditor's Perspective Cook, Brian GSNA
Auditing a IIS Microsoft Windows 2000 Server Pfaff, Beverly GSNA
Security Audit on OpenVMS: An Internal Auditor's Perspective Rich, Kevin GSNA
Auditing a Microsoft Windows 2000 Terminal Server Driskell, William GSNA
Audit of a Corporate Security Systems Domain Controller Graham, Steven GSNA
Functional Security Audit - SPUD Website Chervenka, Dan GSNA
Auditing Checkpoint NG Firewall An Auditor's Perspective Shah, Jaimin GSNA
Auditing a Microsoft Internet Security and Acceleration 2004 Server as it Protects Outlook Web Access 2003 Dentico, Peter GSNA
Internet Explorer Web Browser Security Review Govekar, Jim GSNA
Auditing ISA on Windows 2000 Server Dziuba, Doug GSNA
Assessing Risks to Novell's eDirectory 8.7.3 Strubinger, Ray GSNA
A Security Audit of the Corporate Email Gateway CipherTrust Kendrick, Kris GSNA
Auditing a Squid Web Proxy Server Mancini, Steven GSNA
Security Audit of a Cisco PIX 515 Firewall Hensel, Randy GSNA
Auditing Internet Explorer Browser Security Lim, Kathleen GSNA
Auditing a Gentoo Linux Workstation Navarro, Christopher GSNA
Security Audit of a Financial Institution's Site-to-Site VPN Tunnel Connection To a 3rd Party Internet Banking Vendor Kroll, Chris GSNA
Auditing McAfee VirusScan from Auditor's Prospective Al-Bustani, Noaf GSNA
Auditing Networks, Perimeters and Systems Weir, Dave GSNA
Security Audit of Citrix NFUSE WWW Server Published Application Infrastructure O'Neill, David GSNA
Auditing the Fortigate-100 Firewall Appliance Chandran, Rama GSNA
Web Server Security Assessment Cheng, Derek GSNA
Auditing the Corporate Access Control System: An Independent Auditor's Perspective Steiner, Scott GSNA
Auditing Exchange 2000 server With Outlook Web access An Auditor's perspective Pickar, Alexander GSNA
Auditing Check Point Secureplat FormNg With Apaplication Inteligence (R55)Web User Interface Shaw, Jeffrey GSNA
Auditing a Syslog Server Running on Fedora Core 1 Sawall, Chris GSNA
Validation of Network Traffic Encryption Jenkins, Michael GSNA
BANKING ON IT Williams, Michael GSNA
Auditing CheckPoint NG Perimeter Firewall: An Auditor's Perspectiv Liston, Kevin GSNA
Auditing an ISP POP/IMAP Email Server Maxwell, Mike GSNA
External Name Server Security Audit: An Auditor's Perspective Marek, Jennifer GSNA
Auditing Apache Secure Reverse Proxy On HP-UX in a Large Scale Production Environment: An Auditor's Perspective Hertel, Kelly GSNA
IPCop Audit: A Home User's Perspective Cox, Garret GSNA
Auditing An Intranet Firewall From an ISO 17799 Perspective, Seiersen, Richard GSNA
Auditing a File Server - Microsoft(R) Windows Server 2003 Eltoni, Tamer GSNA
Auditing Fragrouter-1.6 (Vulnerability Test Tool): An Auditor's Perspective Kyun Baik, Nam GSNA
Auditing the NetScreen Secure Access SA-3000 Series SSL VPN Appliance Stamatiou, Alex GSNA
The Cisco 3550 Intelligent Switch: An Auditor's Perspective Winding, Robert GSNA
Audit of a Small LAMP (Linux, Apache, MySQL, and PHP) Web Application Gelman, Herschel GSNA
Auditing a Nokia IP 330 Check Point Firewall-1 NG FP3 An Auditor's Perspective Hefflin, Curtis GSNA
Validating Patch Levels and Baseline Configuration on Windows 2000 Professional Workstations: An Auditor's Perspective Rybczynski, Bill GSNA
TunnelGuard Service and Administrative Plane on Contivity Secure IP Services Gateway Platform: An Administrator's Report Buschel, Alejandro GSNA
Auditing Borland's J2EE Application Server: An Auditor's Perspective Camac, Brenton GSNA
Apple PowerBook OS X Configuration and Operational Practices Lucas, Claude V. GSNA
Audit! Mac OS X 'Panther' on an Apple PowerBook Fung, James GSNA
Secure remote email solution for a financial institution Novobilsky-Jezior, Kimberly GSNA
SECURITY POSTURE OF A SOHO MACHINE Christopher, Nicole GSNA
Auditing a Cisco 1721 Router Welshman, Ray GSNA
Auditing the Symantec Enterprise Firewall v7.0 for Windows NT Lewis, Tim GSNA
A Security Audit of a 3COM OfficeConnect Remote 812 ADSL Router Perez, David GSNA
Auditing a MySQL Database Server An Independent Auditors Perspective Hoover, Jeffrey GSNA
Auditing a Fedora Core 1 Linux Ortiz, Jorge David GSNA
VLAN Auditing: From An Auditors Perspective Laurie, Ken GSNA
Auditing Perimeter Defenses in a Home Office Environment with an OpenBSD Firewall/VPN Branch Tunnel Gateway - An Administrator's Perspective Sweetser, Frank GSNA
Auditing a Samba server from an administrator's perspective D'Albis, Cedric GSNA
Auditing a print and scan server protected by the VisNetic for Workstation firewall: An Independent Auditor's perspective Aubry, Carmen GSNA
Auditing Virus Protection of a Citrix End User:An Administrator's Perspective Sjoberg, Ruth GSNA
Auditing 802.11 wireless networks focusing on the Linksys BEFW11S4 Access Point Siles, Raul GSNA
Open VMS 7-3.1: An Administrator's View Buchanan, Randy GSNA
IDS Load Balancer Security Audit: An Administrator's Perspective Hotaling, Michael GSNA
Avaya INDeX PBX Security Audit: An Auditors Perspective Mercer, Alan GSNA
Security Audit Of A Consultant Windows XP Laptop: An Auditors Perspective Fuller, Kevin GSNA
Topics in auditing Pentesting a web server Hartsuijker, Maarten GSNA
Using LinuxAuditor to Automate Auditing of RedHat, SuSE, and Mandrake Linux Systems Schroeder, William GSNA
Auditing a Cisco Secure IDS System: An Auditors Perspective DeRodeff, Colby GSNA
System Security Plan Auditing For System Owners Kirby, Michael GSNA
Technical security audit of a customer support web application portal: the independent auditor perspective Carlsson, Marcel GSNA
Security Audit of an Oracle 8.1.7 Database Server: An Independent Auditor's Perspective Kallio, Steven GSNA
Auditing a Sun Solaris 8 Technology Distribution Server: An Auditors Perspective Cassidy, Scott GSNA
Auditing a phpWebSite/MySQL Intranet System - An Administrator's Perspective Van Hoogstraten, John GSNA
Auditing hp OpenView Network Node Manager: An Auditors Perspective O'Mealey, Josh GSNA
Auditing SunGard Zai*net: An Independent Auditor's Perspective Boyd, Lane GSNA
Auditing a Symantec VelociRaptor Firewall: An Independent Auditor's Perspective Horne, Jeff GSNA
Auditing a Corporate E-mail Gateway Running Postfix on Linux: an Administrator's Perspective Karwisch, William GSNA
Configurable Basic Service Agreement For Army Network Support Centers Jensen, Harold GSNA
Auditing a Small Internet Business Hosted by an Internet Service Provider: an Auditor's Perspective Frigon, Stephanie GSNA
Ethernet over Low-Voltage Power Line Communication Networks - A Security Analysis and Audit of the HomePlug 1.0 Standard: An Auditor's Perspective Colvin, Todd GSNA
Security Audit of an HP-UX 11i Server: An Auditor's Perspective O'Brien, Timothy GSNA
Auditing the Cisco Aironet 1200 Wireless Access Point In a Small to Medium Size Business Environment (SMB) Lowdermilk, Ryan GSNA
Auditing a Linux FTP and DNS Server: An Administrators Perspective Baumann, Sean GSNA
Auditing IIS server, Windows 2000 server: An Independent Auditors Perspective Geborek, Derek GSNA
Administrator's Report on Auditing a Netscreen-100 Firewall Lowder, Jeff GSNA
A "Black Box" Audit of a Microsoft .NET web-based application Blake, William GSNA
Auditing Perimeter Defenses in a Home Office Environment with D-Link Broadband Router and Kerio Personal Firewall Andresen, Egil GSNA
Auditing the Perimeter: Conducting an External 'Zero Knowledge' Vulnerability Assessment Jayawickrama, Wipul GSNA
An Administrator's Report on Auditing a Web Application Server with Retina Network Security Scanner Mitchell, Sean GSNA
Sourcefire Intrusion Detection System Deployment: An Auditor's Perspective Weber, Don GSNA
Auditing the RSA SecurID infrastructure Merabet, Karim GSNA
Auditing a DELL Storage Area Network server: An Auditor Perspective Boismenu, Patrick GSNA
Auditing a Windows 2000 Active Directory Infrastructure: An Auditor's Perspective Choa, Sylvia GSNA
Auditing a BIND DNS Server - An Administrators Perspective Bennie, Norrie GSNA
A Baseline Audit of an Astaro Security Linux 4.008 Firewall. Lethaby, Christopher GSNA
Audit of a Distributed SolarisTM Jumpstart Infrastructure: An Auditor's Perspective Meacle, Michael GSNA
Auditing a CacheFlow Proxy Solution: An Auditor's Perspective Haig, Leigh GSNA
Auditing a Business Partner Connection: An Auditor's Perspective Khaw, Penny GSNA
Auditing an Apache for Windows Web Server: An Auditor's Perspective Yao, Tony GSNA
Auditing Networks, Perimeters, and Systems Goudie, Mark GSNA
Auditing a Linux Point-to-Point Tunneling Protocol (PPTP) Virtual Private Network (VPN) Server: An Auditor's Perspective Tong, Eric GSNA
Auditing Microsoft Exchange 2000 Server: An Administrator's Perspective Holt, Daniel GSNA
Type Security Certification and Accreditation in a Nationwide System using NIACAP: An Auditors Perspective Elliott, Windy GSNA
DNS and SMTP Server Security Audit: An Auditor's Perspective Pack, Jeff GSNA
Auditing a Cisco Aironet Wireless Network From an Auditors Perspective Stall, Ryan GSNA
External Audit Of A Network Segment'S Perimeter Firewall: An Independent Auditor'S Perspective Dooling, Robert GSNA
Best Practices for Auditing a Watchguard Firebox 700 Firewall: An Auditor's Perspective Tarala, James GSNA
Auditing a FIX32 Supervisory Control and Data Acquisition System: An Administrator's Perspective Tolen, Peter GSNA
Auditing the S-Box Safe@ SOHO VPN/Firewall Skovfoged, Erik GSNA
Auditing a Snort Intrusion Detection System: An Auditor's Perspective Zimmerman, Brent GSNA
An Audit of a Wireless Demonstration Network Implementing Cisco Aironet 1200 Viitamaki, Oliver GSNA
Auditing a Cisco PIX firewall: An Auditor Perspective Yuen, Rick GSNA
Auditing Internet Security System's Real Secure: A Solaris-based Network Intrusion Detection System Manley, David GSNA
Auditing Your Data Center Access Control System: An Independent Auditors Perspective Cox, Barry GSNA
Research in Audit, Measurement Practice and Control Foote, Mary GSNA
Audit of an ePolicy Orchestrator (ePO) v.2.5.1 Server: An Auditor's Perspective
French Translation		 Laberge, Stephane GSNA
Snort Intrusion Detection System Audit: An Auditor's Perspective Trudel, Jason GSNA
Auditing A Checkpoint VPN1 Mobile User Virtual Private Network VPN Dietrich, John GSNA
Audit of Borderware 6.5 firewall: An Auditor's Perspective Linehan, John GSNA
Network Vulnerability Assessment Strategy For Small State And Local Government Agencies Sweltz, Ken GSNA
Auditing a SQL Server 2000 Server An Independent Auditors Perspective Thompson, Graham GSNA
Auditing the Cisco AS5300 Remote Access Router Environment Through The Eyes Of An Independent Auditor Ziarno, Cliff GSNA
An Administrator's Report on Auditing a LEAF (Linux Embedded Appliance Firewall) System Credeur, Brian GSNA
Auditing the Checkpoint NG SecureClient (VPN-1 / FireWall-1) - Option 1 - An Auditor's Perspective Blair, John GSNA
Auditing Novell iFolder Professional Edition v2.0 Shenk, Jerry GSNA
Security Audit of a Network Associates Gaunlet 6.0 Firewall Jeppson, Ron GSNA
Auditing the Cisco Aironet 340 Wireless Access Point Gryparis, Mark GSNA
An Auditor's Checklist for performing a Perimeter Audit of on IBM ISeries (AS/400) System Reise, Craig GSNA
Auditing a GallantWeb GEW200: An Auditor's Perspective Spencer, Glenda GSNA
Auditing PGP Options and Associated Policies: An Auditor's Perspective Chalmers, Matthew GSNA
Auditing LANguard File Integrity Checker V 1.0: An Auditor's Perspective Pierce, David GSNA
Auditing the Wireless Environment: A Mobile Wireless LAN Used for Training in Multiple Sites on a Corporate WAN- An Auditor's Perspective Loomis, Angela GSNA
Administratively Auditing the Security Provided by Norton Personal Firewall 2002 Jones, Horace GSNA
Security Risk Assessment and Audit of an EMC SAN Chapman, Todd GSNA
Auditing a Distributed Intrusion Detection System: An Auditors Perspective Wassom, Darrin GSNA
Audit and Control Checklist for the Elron Internet Manager (IM) Firewall: An Auditor's Perspective Hill, Mark GSNA
Topics in Auditing- High Level Review of WLAN Coran, Philip GSNA
Auditing an NFR Security NID 200 Intrusion Detection System: An Auditor's Perspective Kimball, Mark GSNA
Auditing a Nokia 440 Check Point Firewall-1 Firewall: An Auditor's Perspective Tu, James GSNA
Auditing a Checkpoint Firewall Nelson, Paul GSNA
Special Permission Project: Mobile Computing Self Assessment for Non-technical Business Users Hagerty, Michael GSNA
Auditing a Split-Horizon Domain Name Server: An Auditor's Perspective Naumann, I. Jon GSNA
An Authentication Audit on OpenVMS: An Auditor's Perspective Parker, Jeff GSNA
Auditing Sygate Personal Firewall 4.2 Shevelyov, Nicholas GSNA
Auditing a Wireless Access Point: The Orinoco Outdor Router 1000 Configured as a Wireless Access Point Marcinkowski, Slawomir GSNA
Auditing Cisco Perimeter Routers Yee, Marvin GSNA
Audit of Solaris 8 Platform Ferchichi, Azim GSNA
A Security Checkup for Your Windows at Home Reeder, Scott GSNA
Auditing EnGarde Secure Linux v1.1 Rabon, Lou GSNA
Auditing Microsoft's Internet Security and Acceleration Server 2000 (Standalone Configuration) from a Business Point of View Anderson, Garrett GSNA
Auditing the Cisco PIX Firewall Bolden, Jon GSNA
Auditing Web Application User Input Handling - case NameSurfer Viljanen, Lea GSNA
Methodology for Auditing The Microsoft Windows XP Operating System Howlett, Tony GSNA
Small Business IT Auditing Eaves, David GSNA
Broad Scope Audit of a Filtering Router in an Academic Setting Grangeia, Luis GSNA
Auditing Symantec AntiVirus Corporate Edition Lampe, Jonathan GSNA
Auditing Enterprise Email Service Meshram, Tapan GSNA
Auditing Microsoft Corporate e-mail Solutions (Exchange 5.5 and Outlook 2000) Custodio, Filipe GSNA
Auditing Firewall in a Small Office / Home Office Environment Grundschober, Stephane GSNA
Using Auditing to Improve the Security of Microsoft Windows NT Server 4.0, Terminal Server Edition Norman, Richard GSNA
Auditing FreeBSD Sternudd, Patrik GSNA
Oracle Database Auditing Price, Gareth GSNA
Auditing the Netscreen-5 Firewall Used as a VPN Gateway Strom, Dan GSNA
Tabula rasa: Auditing RobinHood under BeOS Bilar, Daniel GSNA
Checkpoint Firewall-1 Rangsiphol, Ruangkrai GSNA
Auditing Networked Printers Johnson, Greg GSNA
Methodology for Security Policy Audit Using the ISO 17799 Framework Rockwell, David GSNA
Auditing ZoneAlarm Naedele, Martin GSNA
Auditing a web server - Hobbit's 'webs' Schaller, Jeff GSNA
Research in Audit, Measurement Practice, and Control Garrison, Todd GSNA
Auditing RedHat Linux 7.0 (Workstation) Laude, Mary GSNA
Network Security 2013 - Las Vegas
Latest Blog Posts

Detecting Audit Prep versus Good Processes in Place – Part 2
March 22, 2012 - 11:49 AM

Learning Powershell: How to Extract User Objects from Active Directory usin [...]
March 15, 2012 - 12:19 PM

Identifying Inactive and Unnecessary User Accounts in Active Directory (wit [...]
March 05, 2012 - 1:05 PM

Latest Tweets @it_audit

NetWars: Audit the Flag - Come experience it yourself! https://t.co/NSQLiBFJ
February 17, 2013 - 1:57 PM

Wow! @it_audit has reached 10,000 followers! See more stats [...]
December 25, 2012 - 1:21 AM

Always have your stuff when you need it with @Dropbox. Sign [...]
October 28, 2012 - 5:28 PM

Latest Papers

Auditing for Policy Compliance with QualysGuard and CIS Benchmarks
By Stewart James

Choosing corporate level instant messaging system and implementing audit controls
By Mikko Niemelä

Analyzing Enterprise PKI Deployments
By Walter Goulet

"SANS is a great place to enhance your technical and hands-on skills and tools. I thoroughly recommend it."
- Aaron Waugh, Datacom NZ Ltd

"SANS is second to none!"
- Joseph Cosgriff, NC State University

"Intense, fast-paced. Modern day Sherlock Holmes!"
- Cody Drake, Allstate Ins. Co.