Lect 12
Uploaded by dungnthe172688

12. Digital Forensics and Networking
Topics

 Networking Fundamentals
 Types of Networks
 Network Security Tools
 Network Attacks
 Incident Response
 Network Evidence & Investigation
Networking Fundamentals
Network Concepts

 TCP/IP (Transmission Control Protocol / Internet Protocol)
 The common language of the Internet
 Client/Server Network
 Each computer has one of two roles: client or server
 Modern computers mix the roles
 Peer-to-peer Network
 Every member has the same role, acting as both client and server
 Commonly used by BitTorrent for file sharing, including the illegal sharing of copyrighted content
Network Types
 LAN (Local Area Network)
 Within a single building or a few nearby buildings
 WAN (Wide Area Network)
 Larger area
 Internet
 Largest WAN, spanning the whole world
 MAN (Metropolitan Area Network)
 A city or metropolitan region
 PAN (Personal Area Network)
 Bluetooth: about 10 meters of range for typical (Class 2) devices
 CAN (Campus Area Network)
 Several buildings on one campus
IP Addresses

 IPv4: 32 bits, in four octets
 Each octet written as a decimal number 0-255
 Ex: 192.168.1.101
 Only about four billion (2^32) total addresses
 The unallocated pool has run out; new deployments rely on NAT and on IPv6
 IPv6: 128 bits, in eight 16-bit fields
 Each field written as up to four hexadecimal digits
 Range 0000 – FFFF
 Ex: 2001:0db8:0000:0000:1111:2222:3333:4444 (abbreviated 2001:db8::1111:2222:3333:4444)
 Many addresses: 2^128, about 340 billion billion billion billion
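To make the two address formats concrete, here is an added Python example (not part of the lecture) that packs a dotted-quad IPv4 address into its 32-bit value and back, expands and compresses an IPv6 address, and computes the size of each address space. It uses only the standard library's `ipaddress` module; the addresses are the ones from the slide.

```python
import ipaddress


def ipv4_to_int(addr: str) -> int:
    """Pack a dotted-quad IPv4 string into its 32-bit integer (four octets, 8 bits each)."""
    octets = addr.split(".")
    if len(octets) != 4:
        raise ValueError(f"IPv4 address needs exactly four octets: {addr!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range 0-255: {octet!r}")
        value = (value << 8) | n
    return value


def int_to_ipv4(value: int) -> str:
    """Inverse of ipv4_to_int: split a 32-bit integer back into dotted decimal."""
    if not 0 <= value < 2 ** 32:
        raise ValueError("value does not fit in 32 bits")
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def expand_ipv6(addr: str) -> str:
    """Write all eight 16-bit fields with four hex digits each (the slide's long form)."""
    return ipaddress.IPv6Address(addr).exploded


def compress_ipv6(addr: str) -> str:
    """Drop leading zeros in each field and replace the longest run of zero fields with '::'."""
    return ipaddress.IPv6Address(addr).compressed


def address_space(version: int) -> int:
    """Total number of addresses: 2**32 for IPv4, 2**128 for IPv6."""
    if version not in (4, 6):
        raise ValueError("version must be 4 or 6")
    return 2 ** (32 if version == 4 else 128)


def describe(addr: str) -> dict:
    """Version and scope of an address, useful when reading addresses out of logs."""
    ip = ipaddress.ip_address(addr)
    return {"version": ip.version, "private": ip.is_private, "global": ip.is_global}


if __name__ == "__main__":
    packed = ipv4_to_int("192.168.1.101")
    print(packed, int_to_ipv4(packed))
    print(expand_ipv6("2001:db8::1111:2222:3333:4444"))
    print(compress_ipv6("2001:0db8:0000:0000:1111:2222:3333:4444"))
    print(f"IPv4: {address_space(4):,}  IPv6: {address_space(6):,}")
    print(describe("192.168.1.101"), describe("2001:db8::1"))
```

The manual octet loop is there to show the bit layout; in production code `ipaddress.IPv4Address(addr)` does the same validation, and `int()` on the resulting object gives the packed value.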
Network Security Tools
Firewalls, IDS, and Sniffers
 Firewall
 Filters inbound and, optionally, outbound traffic
 Simple (packet-filtering) firewalls decide based on packet headers only
 IP address, port number, protocol
 Layer 7 (application-layer) firewall
 Looks inside the packet payload to discriminate more finely
 Can detect Facebook, TeamViewer, BitTorrent even on non-standard ports
 For TLS traffic it sees only unencrypted metadata such as the SNI hostname, unless it intercepts the connection
 Intrusion Detection System
 Detects and alerts on malicious traffic based on a set of signature definitions
 An Intrusion Prevention System (IPS) additionally blocks it inline
 Ex: Snort (can run in either mode)
 Sniffer
 Captures packets for analysis
 Ex: Wireshark
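The difference between a header-only filter and layer 7 inspection is easiest to see in code. The following Python is an added example written for this page, not from the lecture or from Snort; the rule format, the packets and the network prefixes are made up. It evaluates first-match firewall rules on headers, then runs IDS-style content signatures over the payload of the same packet, so a BitTorrent handshake sent to port 443 passes the firewall but trips the signature.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    src: str
    dst: str
    proto: str            # "tcp" or "udp"
    sport: int
    dport: int
    payload: bytes = b""  # application data; empty for a pure header-level packet


@dataclass
class Rule:
    action: str                      # "allow"/"deny" for firewall rules, "alert" for IDS signatures
    msg: str
    src_net: str = "0.0.0.0/0"       # header fields a simple packet filter can see
    dst_net: str = "0.0.0.0/0"
    proto: Optional[str] = None      # None matches any protocol
    dport: Optional[int] = None      # None matches any destination port
    content: Optional[bytes] = None  # layer 7: byte string that must occur in the payload

    def matches(self, pkt: Packet) -> bool:
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src_net):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst_net):
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        if self.content is not None and self.content not in pkt.payload:
            return False
        return True


# Constructed rule set: 203.0.113.0/24 (TEST-NET-3) stands in for the organization's web servers.
FIREWALL = [
    Rule("deny", "telnet is not allowed", proto="tcp", dport=23),
    Rule("allow", "https to web servers", dst_net="203.0.113.0/24", proto="tcp", dport=443),
    Rule("allow", "http to web servers", dst_net="203.0.113.0/24", proto="tcp", dport=80),
]

# Layer 7 signatures, in the spirit of Snort "content:" matches.
SIGNATURES = [
    # A BitTorrent peer handshake starts with the byte 0x13 followed by "BitTorrent protocol".
    Rule("alert", "BitTorrent handshake", content=b"\x13BitTorrent protocol"),
    Rule("alert", "Facebook over plain HTTP", content=b"Host: www.facebook.com"),
]


def filter_packet(rules, pkt, default="deny"):
    """Stateless first-match evaluation, as a simple packet filter does; unmatched traffic gets the default policy."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.msg
    return default, "default policy"


def inspect_packet(signatures, pkt):
    """IDS-style: report every signature that matches. Nothing is blocked; that is the IPS's job."""
    return [sig.msg for sig in signatures if sig.matches(pkt)]


def evaluate(pkt):
    """Combine both views so the difference is visible for one packet."""
    verdict, reason = filter_packet(FIREWALL, pkt)
    return {"firewall": verdict, "reason": reason, "alerts": inspect_packet(SIGNATURES, pkt)}


if __name__ == "__main__":
    # BitTorrent disguised as HTTPS: passes the header filter, caught by the content signature.
    bt = Packet("198.51.100.7", "203.0.113.10", "tcp", 40000, 443,
                b"\x13BitTorrent protocol" + b"\x00" * 8 + b"\xaa" * 40)
    print(evaluate(bt))
    print(evaluate(Packet("198.51.100.7", "203.0.113.10", "tcp", 40001, 23)))
    print(evaluate(Packet("198.51.100.7", "203.0.113.10", "tcp", 40002, 80,
                          b"GET / HTTP/1.1\r\nHost: www.facebook.com\r\n\r\n")))
```

The "Facebook" signature only works on plaintext HTTP; on a real HTTPS session the Host header is encrypted and a layer 7 device would have to key on the TLS SNI field instead, which is why content signatures and TLS interception are usually discussed together.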
Network Attacks
Network Attacks
 DDoS (Distributed Denial of Service)
 Many bots flood a server with traffic or requests until it cannot serve legitimate users
 IP Spoofing
 False source IP address in packets
 Can make attacks appear to come from trusted sources
 Easy for connectionless protocols (UDP, ICMP); a TCP connection cannot be completed blindly because the handshake reply goes to the forged address
 Defense is ingress filtering at network borders (BCP 38)
 Man-in-the-Middle
 Intercepts traffic between two parties
 Attacker can examine or alter data
 Can impersonate either party
 Defense is TLS (the successor of SSL) with proper certificate validation
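Ingress filtering (BCP 38) is the standard network-border defense against spoofed source addresses. The Python below is an added example, not from the lecture: it assumes a made-up topology (an Internet-facing wan0, an internal lan0, and a dmz0 that owns 203.0.113.0/24) and drops any packet whose source address could not legitimately have arrived on the interface it was seen on.

```python
import ipaddress

# Constructed topology for this example. Each internal interface is listed with the source
# prefixes assigned behind it; "wan0" faces the Internet. 203.0.113.0/24 (TEST-NET-3) stands
# in for the organization's public block.
INTERNAL_PREFIXES = {
    "lan0": ["192.168.1.0/24"],
    "dmz0": ["203.0.113.0/24"],
}

# Blocks that can never be a legitimate source on a packet arriving from the Internet
# (private, loopback, link-local, CGNAT, multicast, reserved). The TEST-NET documentation
# ranges are left out on purpose because this example uses them as stand-in public addresses.
BOGONS = [
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
]


def _in_any(addr, prefixes):
    return any(addr in ipaddress.ip_network(p) for p in prefixes)


def check_source(iface, src):
    """Return ("accept", reason) or ("drop", reason) for the source address of a packet seen on iface."""
    addr = ipaddress.ip_address(src)
    if iface == "wan0":
        # Ingress filtering: reject bogons and our own prefixes coming from outside.
        if _in_any(addr, BOGONS):
            return "drop", f"bogon source {src} arriving from the Internet"
        for inside, prefixes in INTERNAL_PREFIXES.items():
            if _in_any(addr, prefixes):
                return "drop", f"source {src} belongs to {inside} but arrived on wan0 (spoofed)"
        return "accept", "external source"
    # Egress filtering: an internal interface may only originate its own prefixes, so a
    # compromised host cannot forge someone else's address in outbound attack traffic.
    if _in_any(addr, INTERNAL_PREFIXES.get(iface, [])):
        return "accept", f"source assigned to {iface}"
    return "drop", f"source {src} is not assigned to {iface} (spoofed or misconfigured)"


def audit(packets):
    """Apply check_source to (iface, src, dst) tuples; return the ones that would be dropped."""
    drops = []
    for iface, src, dst in packets:
        verdict, reason = check_source(iface, src)
        if verdict == "drop":
            drops.append((iface, src, dst, reason))
    return drops


# Constructed traffic sample.
SAMPLE_PACKETS = [
    ("wan0", "198.51.100.7", "203.0.113.10"),    # ordinary external client to the web server
    ("wan0", "192.168.1.50", "203.0.113.10"),    # private address from the Internet: bogon
    ("wan0", "203.0.113.77", "203.0.113.10"),    # our own public prefix from outside: spoofed
    ("lan0", "192.168.1.101", "198.51.100.7"),   # normal outbound traffic
    ("lan0", "198.51.100.99", "203.0.113.10"),   # internal host forging an outside source
]

if __name__ == "__main__":
    for drop in audit(SAMPLE_PACKETS):
        print(*drop)
```

The check belongs on the border router or firewall, not on the victim: a server receiving a packet has no way to tell a forged source from a real one, which is exactly why spoofed floods work and why the filtering has to happen where the topology is known.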
Social Engineering

 Tricking people into committing security violations
Most Common Hacking Methods

 Backdoor
 Left by a malware infection, allowing remote control of the system
 Footprinting
 Gathering publicly available information about a target
 Fingerprinting
 Scanning a target for open ports and identifying its operating system and service versions
 Based on a 2011 Verizon study
Insider Threat

 The biggest threat
 Does more harm than external attacks
 Difficult to detect or prevent
 Link Ch 9a
Incident Response
NIST Process
 Preparation
 Planning for security incidents
 Proactive defenses, such as
 Hardening systems
 Patching
 Perimeter defense
 User awareness training
 Policies, procedures, and guidelines
 Detection and Analysis
 Often the most challenging phase: IDS produce false positives, and normal network traffic is noisy and variable, so real intrusions are easy to miss
 Containment
 Eradication
 Recovery
 NIST SP 800-61 treats these three as one phase; they often loop as more affected systems are found
 Post-incident Review
 Root-cause analysis
 Plan how to prevent future incidents
 Revise policies and procedures
Network Evidence & Investigation
Where is the Evidence?

 All devices along the route may contain log files
 Servers
 Routers
 Firewalls
 Evidence may be volatile
 Connection tables, ARP caches and packet buffers exist only in memory; logs rotate and get overwritten
 Collect it early, most volatile sources first
Log Files

 Authentication log
 Account and IP address of users who logged in, or tried to
 Application log
 Timestamps showing when the application was used and by whom
 Operating system log
 Tracks reboots, file access, clients served, and much more
 Device logs
 On routers and firewalls
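As an added example (not from the lecture), the Python below parses a constructed authentication log in sshd's format and applies two checks an incident responder would run during Detection and Analysis: failed logins per source address, and a successful login from an address that had already failed repeatedly. The hostnames, user names and addresses in the sample are made up.

```python
import re
from collections import Counter

# Constructed sample in the format sshd writes to the authentication log
# (/var/log/auth.log or /var/log/secure). Hosts, names and addresses are invented.
SAMPLE_AUTH_LOG = """\
Mar 14 02:11:07 web01 sshd[2143]: Failed password for invalid user admin from 198.51.100.23 port 51522 ssh2
Mar 14 02:11:09 web01 sshd[2145]: Failed password for invalid user admin from 198.51.100.23 port 51530 ssh2
Mar 14 02:11:12 web01 sshd[2147]: Failed password for root from 198.51.100.23 port 51538 ssh2
Mar 14 02:11:14 web01 sshd[2149]: Failed password for root from 198.51.100.23 port 51544 ssh2
Mar 14 02:11:20 web01 sshd[2151]: Failed password for invalid user test from 192.0.2.77 port 60210 ssh2
Mar 14 02:11:31 web01 sshd[2153]: Failed password for root from 198.51.100.23 port 51552 ssh2
Mar 14 02:12:40 web01 sshd[2190]: Accepted password for alice from 203.0.113.5 port 40122 ssh2
Mar 14 02:13:02 web01 sshd[2201]: Failed password for root from 198.51.100.23 port 51560 ssh2
Mar 14 02:13:05 web01 sshd[2203]: Accepted password for root from 198.51.100.23 port 51566 ssh2
Mar 14 02:14:11 web01 sshd[2210]: Failed password for bob from 192.0.2.77 port 60218 ssh2
"""

# One regex for both outcomes; "invalid user" is optional because sshd only adds it
# when the account does not exist.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)


def parse_auth_log(text):
    """Turn matching lines into dicts; lines that are not login events are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def failures_by_ip(events):
    """Count failed logins per source address (the classic brute-force indicator)."""
    return Counter(e["ip"] for e in events if e["result"] == "Failed")


def suspicious_logins(events, threshold=5):
    """Accepted logins from an address that had already failed at least `threshold` times.

    Events are processed in log order, so only failures *before* the success count.
    """
    failed = Counter()
    hits = []
    for e in events:
        if e["result"] == "Failed":
            failed[e["ip"]] += 1
        elif failed[e["ip"]] >= threshold:
            hits.append((e["ts"], e["user"], e["ip"], failed[e["ip"]]))
    return hits


if __name__ == "__main__":
    events = parse_auth_log(SAMPLE_AUTH_LOG)
    print(failures_by_ip(events).most_common())
    for ts, user, ip, n in suspicious_logins(events):
        print(f"{ts}: {user}@{ip} logged in after {n} failures")
```

The address in these lines is the peer of a completed TCP handshake, so it is not a blindly spoofed packet source; it can still be a proxy, a compromised host or a Tor exit, which is why the log is a lead rather than an attribution.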
Network Investigative Tools

 Wireshark
 Sniffer (packet capture and protocol analysis)
 NetIntercept
 Hardware appliance to record network traffic
 NetWitness Investigator
 Can gather and analyze network traffic
 Snort
 IDS
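Sniffers such as Wireshark store captures in the pcap format. The Python below is an added example, not from the lecture or from Wireshark's code: it builds a small constructed capture (three TCP frames with zeroed checksums, not meant to be sent) and then parses it back, walking the pcap record headers and the Ethernet, IPv4 and TCP headers to recover the timestamp, addresses, ports, flags and payload of each packet. It handles the classic pcap format only, not pcapng.

```python
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4          # classic pcap, microsecond timestamps
PCAP_GLOBAL = "IHHiIII"          # magic, major, minor, thiszone, sigfigs, snaplen, linktype
PCAP_RECORD = "IIII"             # ts_sec, ts_usec, incl_len, orig_len
ETH_HDR = struct.Struct("!6s6sH")           # dst MAC, src MAC, ethertype
IP_HDR = struct.Struct("!BBHHHBBH4s4s")     # fixed 20-byte IPv4 header
TCP_HDR = struct.Struct("!HHIIHHHH")        # fixed 20-byte TCP header
LINKTYPE_ETHERNET = 1


def build_tcp_frame(src, dst, sport, dport, flags=0x02, payload=b""):
    """Ethernet + IPv4 + TCP frame. Checksums are zero: constructed sample, not for sending."""
    tcp = TCP_HDR.pack(sport, dport, 0, 0, (5 << 12) | flags, 65535, 0, 0) + payload
    ip = IP_HDR.pack(0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + tcp
    return ETH_HDR.pack(b"\x00" * 6, b"\x00" * 6, 0x0800) + ip


def build_pcap(frames, start_ts=1700000000, endian="<"):
    """Serialize frames into a pcap file, one second apart. endian "<" is what most tools write."""
    out = struct.pack(endian + PCAP_GLOBAL, PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack(endian + PCAP_RECORD, start_ts + i, 0, len(frame), len(frame)) + frame
    return out


def parse_pcap(data):
    """Decode a pcap byte string into one dict per packet (Ethernet/IPv4/TCP fields where present)."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"                      # same magic seen through the wrong byte order
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    *_, linktype = struct.unpack(endian + PCAP_GLOBAL, data[:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")

    records, pos = [], 24
    while pos + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(endian + PCAP_RECORD, data[pos:pos + 16])
        pos += 16
        frame = data[pos:pos + incl_len]
        if len(frame) < incl_len:
            raise ValueError("capture file is truncated")
        pos += incl_len
        # incl_len < orig_len means the sniffer's snaplen cut the packet short.
        rec = {"ts": ts_sec + ts_usec / 1e6, "truncated": incl_len < orig_len}
        records.append(rec)

        _, _, ethertype = ETH_HDR.unpack_from(frame)
        if ethertype != 0x0800:
            rec["proto"] = "non-IPv4"
            continue
        ver_ihl, _, total_len, _, _, ttl, proto, _, s, d = IP_HDR.unpack_from(frame, 14)
        ihl = (ver_ihl & 0x0F) * 4        # IPv4 options make the header longer than 20 bytes
        rec.update(src=socket.inet_ntoa(s), dst=socket.inet_ntoa(d), ttl=ttl, proto=proto)
        if proto != 6:
            continue
        off = 14 + ihl
        sport, dport, seq, ack, off_flags, *_ = TCP_HDR.unpack_from(frame, off)
        data_off = (off_flags >> 12) * 4  # TCP options likewise
        rec.update(sport=sport, dport=dport, seq=seq, flags=off_flags & 0x1FF,
                   payload=frame[off + data_off:14 + total_len])
    return records


def flows(records):
    """Summarize TCP packets as 'src:sport -> dst:dport', like a sniffer's conversation view."""
    return [f"{r['src']}:{r['sport']} -> {r['dst']}:{r['dport']}" for r in records if r.get("proto") == 6]


# Constructed sample: a handshake and one HTTP request from the slide's client address.
SAMPLE_PCAP = build_pcap([
    build_tcp_frame("192.168.1.101", "203.0.113.10", 40000, 80, flags=0x02),   # SYN
    build_tcp_frame("203.0.113.10", "192.168.1.101", 80, 40000, flags=0x12),   # SYN/ACK
    build_tcp_frame("192.168.1.101", "203.0.113.10", 40000, 80, flags=0x18,    # PSH/ACK + data
                    payload=b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
])

if __name__ == "__main__":
    for r in parse_pcap(SAMPLE_PCAP):
        print(r)
    print(flows(parse_pcap(SAMPLE_PCAP)))
```

Two details matter for evidence handling: the magic number tells you the byte order the capturing machine used, and `incl_len < orig_len` tells you the capture was cut by the snap length, so a payload recovered from such a record is incomplete and should be reported as such.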
NetIntercept

 Links Ch 9b, 9c
Network Investigation Challenges
 IP addresses can be spoofed
 Or the attacker bounces through proxies
 Or through compromised systems
 Or through the Tor anonymity network
 Logs are often incomplete or absent
 Logs are rotated and overwritten after some time
 Attackers can erase logs
 Jurisdiction
 Attacks can cross state or national boundaries
Binary (in Extra Credit Projects)
