SANS Whitepaper – Proxies and Packet Filters in Plain English 3.1.20 3.13 csc12 csc9 System and Communications Protection
This SANS whitepaper describes firewall and perimeter protections.
SEARCH RESULTS
SANS Whitepaper – Securing Sensitive Data: Understanding Federal Information Processing Standards (FIPS) 3.13 3.13.11 3.13.16 System and Communications Protection
This SANS whitepaper defines FIPS, identify FIPS approved encryption algorithms, and examine some different vendor solutions and their use of these approved algorithms.
SANS Whitepaper – Security Considerations for Voice over Wi-Fi (VoWifi) Systems 3.13 3.13.14 System and Communications Protection
This paper examines the vulnerabilities of VoWiFi calling, assesses what common and less well-known attacks are able to exploit those vulnerabilities, and then proposes technological or procedural security protocols to harden telephony systems against adversary exploitation.
SANS Whitepaper – Security Issues and Countermeasure for VoIP 3.13 3.13.14 System and Communications Protection
This paper focuses on these VoIP specific security threats and the countermeasures to mitigate the problem.
SANS Whitepaper – Web Application Firewalls 3.1.20 3.13 csc12 csc9 System and Communications Protection
This SANS whitepaper discusses the need for web application firewalls.
Security Boulevard – Endpoint and network segmentation best practices 3.13 3.13.5 System and Communications Protection
This article speaks to the deficiencies in current network segmentation for the endpoint and network segmentation best practices.
State University of New York at Oneonta – Virtual Private Network Policy VPN 3.13 3.13.7 System and Communications Protection
This policy from The State University of New York at Oneonta provides sample guidelines for VPN access.
STIG Viewer – The DNS server implementation must prevent unauthorized and unintended information transfer via shared system resources. 3.13 3.13.4 System and Communications Protection
Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems.
STIG Viewer – Terminate Network Connections 3.13 3.13.9 System and Information integrity
This resource offers assessment guidance for a related control (NIST SP 800-53 SC-10)
Tech Prognosis – Web Browser Security: Evaluating Browser Settings To Stay Safe Online 3.13 csc7 csc9 System and Communications Protection
This blog post discusses some of the web browser security settings options.