Vendor-Neutral Security Videos and Whitepapers


DNS Basics (Video)

This video explains and demonstrates how DNS works. This is helpful to prepare for my papers on DNS security.

Watch video at YouTube


DNS Cache Poisoning

There are several facets to DNS security. In this paper we focus on one of the most dangerous types of attack – DNS cache poisoning. To provide a complete picture of this threat, we’ll explore how DNS works, two ways crackers facilitate cache poisoning, what impact this type of attack can have on your organization, and steps you can take to protect your information assets.

Download paper


DNS Tunneling Identification and Defense

Domain Name Service (DNS) traffic freely travels across network perimeters and internal network segments. Organizations cannot arbitrarily block this UDP port 53 traffic because doing so would break most, if not all, network communication. Malicious actors (MA) know this and have found ways to exploit DNS for their purposes.

One example of how MA exploit DNS is tunneling. DNS tunneling enables command and control (C2) and data exfiltration traffic that most organizations either do not look for or are unable to adequately detect.

This paper helps organizations understand the threat and available defense solutions.

Download paper


Strengthen Security with an Effective Security Awareness Program

You’ve developed a world class security program. Your technology-based defenses are cutting edge. Your security team is well trained and ready to handle anything that comes its way. So you’re done, right? Not quite. One of the most important pieces of an effective information asset defense is missing – employee awareness.

In this paper, I define security awareness, list the objectives of an effective awareness program, and step through a process to build, implement, and manage on-going support of the program.

Download paper


Fundamentals of Storage Media Sanitization

One of the most fundamental principles of information security is that it’s all about the data. Data in transit or at rest is the primary focus of administrative, physical, and technical safeguards. Security professionals are doing better every day when it comes to protecting information in static production environments. But what happens when magnetic, optical, or semiconductor media is repurposed or retired?

In this paper, I define media sanitization and how it fits into an overall security program. Next, I examine how attackers can extract information from electronic media—even after it’s been overwritten. Finally, I explore ways you can protect your organization from attacks—both casual and highly motivated.

Download paper


Keystroke Dynamics: Low Impact Biometric Verification

Biometrics has long been one of the solutions touted by security vendors to meet multifactor authentication objectives. However, user acceptance and cost issues often prevent organizations from adopting biometrics as a solution. This isn’t to say that other multifactor solutions are any less cost prohibitive. The capital expenditure and on-going maintenance costs of token-based systems are often higher than those for biometrics. Solutions based on keystroke dynamics might help meet these business challenges.

In this paper, I look at biometrics in general. This includes success factors for implementation and user acceptance. I also look at how the effectiveness of biometric solutions is measured. This is followed by an examination of keystroke dynamics technology, including its history, how it works, and why it may be the answer for organizations with people or cost issues.

Download paper