U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: Murugiah Souppaya (Fed)

Search Title, Abstract, Conference, Citation, Keyword or Author
Displaying 76 - 100 of 126

Stopping Malware and Unauthorized Software through Application Whitelisting

December 15, 2015
Author(s)
Adam Sedgewick, Murugiah Souppaya, Karen Scarfone, Larry Feldman
This bulletin summarizes the information presented in NIST Special Publication 800-167, "Guide to Application Whitelisting," written by Adam Sedgewick, Murugiah Souppaya and Karen Scarfone. The publication is intended to assist organizations in

Trusted Geolocation in the Cloud: Proof of Concept Implementation

December 10, 2015
Author(s)
Michael Bartock, Murugiah Souppaya, Raghuram Yeluri, Uttam Shetty, James Greene, Steve Orrin, Hemma Prafullchandra, John McLeese, Jason Mills, Daniel Carayiannis, Tarik Williams, Karen Scarfone
This publication explains selected security challenges involving Infrastructure as a Service (IaaS) cloud computing technologies and geolocation. It then describes a proof of concept implementation that was designed to address those challenges. The

Guide to Application Whitelisting

October 28, 2015
Author(s)
Adam Sedgewick, Murugiah Souppaya, Karen Scarfone
An application whitelist is a list of applications and application components that are authorized for use in an organization. Application whitelisting technologies use whitelists to control which applications are permitted to execute on a host. This helps

Security of Interactive and Automated Access Management Using Secure Shell (SSH)

October 15, 2015
Author(s)
Tatu Ylonen, Paul Turner, Karen Scarfone, Murugiah Souppaya
Users and hosts must be able to access other hosts in an interactive or automated fashion, often with very high privileges, for a variety of reasons, including file transfers, disaster recovery, privileged access management, software and patch management

Guide to Enterprise Patch Management Technologies

July 22, 2013
Author(s)
Murugiah P. Souppaya, Karen Scarfone
Patch management is the process for identifying, acquiring, installing, and verifying patches for products and systems. Patches correct security and functionality problems in software and firmware. There are several challenges that complicate patch

Guide to Malware Incident Prevention and Handling for Desktops and Laptops

July 22, 2013
Author(s)
Murugiah P. Souppaya, Karen Scarfone
Malware, also known as malicious code, refers to a program that is covertly inserted into another program with the intent to destroy data, run destructive or intrusive programs, or otherwise compromise the confidentiality, integrity, or availability of the

Guidelines for Managing the Security of Mobile Devices in the Enterprise

June 21, 2013
Author(s)
Murugiah P. Souppaya, Karen Scarfone
Mobile devices, such as smart phones and tablets, typically need to support multiple security objectives: confidentiality, integrity, and availability. To achieve these objectives, mobile devices should be secured against a variety of threats. The purpose

Guidelines for Securing Wireless Local Area Networks (WLANs)

February 21, 2012
Author(s)
Murugiah P. Souppaya, Karen Scarfone
A wireless local area network (WLAN) is a group of wireless networking devices within a limited geographic area, such as an office building, that exchange data through radio communications. The security of each WLAN is heavily dependent on how well each

BIOS Protection Guidelines

April 29, 2011
Author(s)
David Cooper, William Polk, Andrew Regenscheid, Murugiah Souppaya
This document provides guidelines for preventing the unauthorized modification of Basic Input/Output System (BIOS) firmware on PC client systems. Unauthorized modification of BIOS firmware by malicious software constitutes a significant threat because of

National Checklist Program for IT Products Guidelines for Checklist Users and Developers

February 25, 2011
Author(s)
Stephen D. Quinn, Murugiah P. Souppaya, Melanie Cook, Karen Scarfone
Special Publication 800-70 Revision 2 - National Checklist Program for IT Products Guidelines for Checklist Users and Developers describes security configuration checklists and their benefits, and it explains how to use the NIST National Checklist Program

Guide to Security for Full Virtualization Technologies

January 28, 2011
Author(s)
Murugiah P. Souppaya, Karen Scarfone, Paul Hoffman
The purpose of SP 800-125 is to discuss the security concerns associated with full virtualization technologies for server and desktop virtualization, and to provide recommendations for addressing these concerns. Full virtualization technologies run one or