
Reading Room







Privilege Management

Featuring 5 Papers as of September 2, 2020

  • How to Create a Comprehensive Zero Trust Strategy - Analyst Paper (requires membership in SANS.org community)
    by Dave Shackleford - September 2, 2020 

    To implement zero trust effectively, organizations must consider critical controls, such as network access and inspection controls, as well as the roles that visibility, vulnerability and discovery play in their least privilege strategies. SANS analyst Dave Shackleford explains how to build a microsegmentation access control model that addresses common business drivers, implements capabilities critical to microsegmentation, and applies microsegmentation and zero trust initiatives in ways that positively impact industry compliance requirements.


  • Using Illusive Networks' Attack Surface Manager to Enhance Vulnerability Management - Analyst Paper (requires membership in SANS.org community)
    by Dave Shackleford - February 11, 2020 

    Illusive Networks' Attack Surface Manager (ASM) takes a unique approach to identify vulnerabilities within the network. SANS reviewed ASM and learned how it continuously discovers assets in the environment and monitors systems for artifacts, allowing it to pinpoint attack paths that could be exploited by adversaries who have gained initial access to an environment. The product can then map these paths to show whether important assets are vulnerable to attack, and can remediate issues on systems within the attack path.


  • Boosting IAM and Privilege Control Using Illusive Networks’ Attack Surface Manager - Analyst Paper (requires membership in SANS.org community)
    by Dave Shackleford - February 11, 2020 

    Illusive Networks' Attack Surface Manager (ASM) takes a unique approach to identify vulnerabilities within the network. SANS reviewed ASM and learned how it continuously discovers assets in the environment and monitors systems for artifacts, allowing it to pinpoint attack paths that could be exploited by adversaries who have gained initial access to an environment. The product can then map these paths to show whether important assets are vulnerable to attack, and can remediate issues on systems within the attack path.


  • Attack and Defend: Linux Privilege Escalation Techniques of 2016 - SANS.edu Graduate Student Research
    by Michael Long II - January 30, 2017 

    Recent kernel exploits such as Dirty COW show that despite continuous improvements in Linux security, privilege escalation vectors are still in widespread use and remain a problem for the Linux community. Linux system administrators are generally cognizant of the importance of hardening their Linux systems against privilege escalation attacks; however, they often lack the knowledge, skill, and resources to effectively safeguard their systems against such threats. This paper will examine Linux privilege escalation techniques used throughout 2016 in detail, highlighting how these techniques work and how adversaries are using them. Additionally, this paper will offer remediation procedures in order to inform system administrators on methods to mitigate the impact of Linux privilege escalation attacks.


  • Introduction to Rundeck for Secure Script Executions
    by John Becker - August 11, 2016

    Many organizations today support physical, virtual, and cloud-based systems across a wide range of operating systems. Providing least privilege access to systems can be a complex mesh of sudoers files, profiles, policies, and firewall rules. While configuration management tools such as Puppet or Chef help ensure consistency, they do not inherently simplify the process for users or administrators. Additionally, current DevOps teams are pushing changes faster than ever. Keeping pace with new services and applications often forces sysadmins to use more general access rules and thus expose broader access than necessary. Rundeck is a web-based orchestration platform with powerful ACLs and ssh-based connectivity to a wide range of operating systems and devices. The simple user interface for Rundeck couples with DevOps-friendly REST APIs and YAML or XML configuration files. Using Rundeck for server access improves security while keeping pace with rapidly changing environments.


Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

All papers are copyrighted. No re-posting or distribution of papers is permitted.

SANS.edu Graduate Student Research - This paper was created by a SANS Technology Institute student as part of the graduate program curriculum.