What is FORENSICS? Why do we need Network Forensics?


What is FORENSICS? Why do we need Network Forensics? Why is it so important?

Introduction
- Network: an interconnection of computers by communication channels
- Large amounts of data (packets) are transferred in each interval of time
- Attacks may be either passive or active
- Network forensics is like a camera on the network: it helps discover the source of security attacks and provides useful tools for investigating cybercrimes on the Internet

Network Forensics
- Analyzing the network traffic
- Examining network devices such as routers
- Data rates are very high, so packets need to be stored to find the behaviour
- Deals with volatile and dynamic information
- Identify all possible security violations
- Identify malicious activities from the traffic logs, discover their details, and assess the damage

Definition: the act of capturing, recording, and analyzing network audit trails in order to discover the source of security breaches or other information assurance problems.
Systems collect data in two forms:
- "Catch-it-as-you-can": packets passing through a certain traffic point are captured; analysis is done subsequently; requires large amounts of storage.
- "Stop, look and listen": each packet is analyzed in memory; only certain information is saved for future analysis.

Capabilities
- Comprehensive data collection: anything that crosses the network, whether email, IM, VoIP, FTP, HTML, or some other application or protocol, is collected by a single system and stored in a common, searchable format.
- Flexible data collection: collect all data on a network segment for future inspection, or focus on a specific user or server.

Catching hackers on the wire
- Attackers' fingerprints remain throughout the network: in firewall logs, IDS/IPS alerts, web proxies and traffic captures.

Ethernet
-- Data on this layer is collected using the network interface card (NIC) of a host.
-- It collects all the traffic that comes over the network.
TCP/IP
-- At this layer, routing tables are used to identify attackers.
-- Apart from routing tables, authentication logs are also used at this layer.
The Internet
-- Web server logs are used here.
-- They are used to extract user account information.
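The "Internet" layer point above is usually put into practice by parsing web server access logs and pulling out the account activity they record. The following is an added example, not code from the original slides: it parses constructed lines in the common "combined" log format (the authenticated user is the third field), maps each account to the source addresses it was used from, and flags a source that produced repeated 401 failures immediately before a successful authenticated request. The log lines, account names and addresses are all constructed (RFC 5737 documentation ranges); the function names and the threshold of three failures are the example's own choices.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache/NGINX "combined" log format. The addresses are
# RFC 5737 documentation ranges and the accounts are invented; the last line is
# deliberately malformed to show that the parser drops it instead of crashing.
SAMPLE_LOG = """\
203.0.113.7 - alice [10/Oct/2023:13:55:36 +0000] "GET /account HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
203.0.113.7 - alice [10/Oct/2023:13:56:02 +0000] "GET /account/export HTTP/1.1" 200 9021 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2023:14:01:11 +0000] "GET /account HTTP/1.1" 401 381 "-" "curl/8.0"
198.51.100.23 - - [10/Oct/2023:14:01:12 +0000] "GET /account HTTP/1.1" 401 381 "-" "curl/8.0"
198.51.100.23 - - [10/Oct/2023:14:01:13 +0000] "GET /account HTTP/1.1" 401 381 "-" "curl/8.0"
198.51.100.23 - alice [10/Oct/2023:14:01:14 +0000] "GET /account HTTP/1.1" 200 2326 "-" "curl/8.0"
192.0.2.44 - bob [10/Oct/2023:14:05:00 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
this line is not a valid log record
"""

# client ip, ident, authenticated user, timestamp, request line, status, response size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_log(text):
    """Parse combined-format lines into dicts, in file order; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["status"] = int(rec["status"])
            records.append(rec)
    return records


def account_activity(records):
    """Map each authenticated account to the sorted list of source IPs it was used from."""
    seen = defaultdict(set)
    for r in records:
        if r["user"] != "-":          # "-" means the request carried no authenticated user
            seen[r["user"]].add(r["ip"])
    return {user: sorted(ips) for user, ips in seen.items()}


def auth_failures_before_success(records, threshold=3):
    """Flag source IPs that accumulated >= threshold 401 responses and then obtained a
    200 as an authenticated user. Returns {ip: (account, failures_before_success)}."""
    failures = defaultdict(int)
    flagged = {}
    for r in records:
        if r["status"] == 401:
            failures[r["ip"]] += 1
        elif r["status"] == 200 and r["user"] != "-" and failures[r["ip"]] >= threshold:
            flagged[r["ip"]] = (r["user"], failures[r["ip"]])
    return flagged


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("accounts and their source IPs:", account_activity(recs))
    print("failures followed by success:", auth_failures_before_success(recs))
```

The two summaries answer the questions an investigator asks of web server logs first: which accounts were active, from where, and whether any of that access was preceded by a burst of failed attempts. On a real server the same functions apply to the access log file contents in place of SAMPLE_LOG.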

Network forensics includes:
- preparation
- collection
- preservation
- examination
- analysis
- investigation
- presentation
Network Forensic Analysis Tools (NFATs) allow administrators to monitor networks, gather information about anomalous traffic, and assist in network crime investigations.

A Generic Framework for Network Forensics
1. Preparation and authorization
2. Collection of network traces
3. Preservation and protection
4. Examination and analysis
5. Investigation and attribution
6. Presentation and review

Network forensic analysis uses open source and proprietary security tools, for example:
- Wireshark
- tcpdump
- Snort
Wireshark (also known by its former name, Ethereal):
- used at the Ethernet layer
- uses pcap to capture data
- data is captured from live traffic or read from a file that was recorded earlier
- VoIP calls can be detected in the captured traffic
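Both the Ethernet-layer collection described earlier (traffic taken off the NIC) and the "read from a file that was recorded earlier" mode of Wireshark and tcpdump rest on the same libpcap file format. The following added example, which is not code from the slides or from the Wireshark project, builds a small capture in memory and then parses it the way a "catch-it-as-you-can" analysis step would: it reads the 24-byte pcap global header, walks the 16-byte record headers, decodes Ethernet/IPv4/TCP, and summarizes the traffic into flows. The frames, addresses (RFC 5737 documentation ranges) and timestamps are constructed, the function names are the example's own, and only classic pcap files with the Ethernet link type are handled (pcapng and other link types are out of scope here). A capture cut off mid-record, which happens when a sniffer is stopped or a disk fills, ends parsing cleanly instead of raising.

```python
import struct
from collections import Counter

PCAP_MAGIC_LE = 0xA1B2C3D4      # classic libpcap magic number (microsecond timestamps)
PCAP_MAGIC_BE = 0xD4C3B2A1      # the same magic as written by a big-endian host
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
TCP_SYN, TCP_ACK = 0x02, 0x10


def ip_bytes(dotted):
    return bytes(int(octet) for octet in dotted.split("."))


def build_frame(src_ip, dst_ip, sport, dport, flags, payload=b""):
    """Construct an Ethernet/IPv4/TCP frame (checksums left zero; pcap readers do not verify them)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0, 64,
                     IPPROTO_TCP, 0, ip_bytes(src_ip), ip_bytes(dst_ip))
    return eth + ip + tcp + payload


def build_pcap(frames):
    """Wrap frames in a libpcap file: 24-byte global header, then a 16-byte record header per frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


def parse_pcap(data):
    """Return one (timestamp, src, dst, sport, dport, tcp_flags) tuple per TCP/IPv4 packet.
    A final record cut short by an incomplete capture ends parsing instead of raising."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("this example handles Ethernet captures only")
    packets, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        off += incl_len
        if len(frame) < incl_len:
            break                                   # truncated final record
        if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            continue                                # not IPv4 (e.g. ARP): skip
        ip_off = 14
        ihl = (frame[ip_off] & 0x0F) * 4
        if frame[ip_off + 9] != IPPROTO_TCP:
            continue
        src = ".".join(str(b) for b in frame[ip_off + 12:ip_off + 16])
        dst = ".".join(str(b) for b in frame[ip_off + 16:ip_off + 20])
        tcp_off = ip_off + ihl
        sport, dport = struct.unpack("!HH", frame[tcp_off:tcp_off + 4])
        flags = frame[tcp_off + 13]
        packets.append((ts_sec + ts_usec / 1e6, src, dst, sport, dport, flags))
    return packets


def flow_summary(packets):
    """Count packets per unidirectional 4-tuple and note which flows opened with a bare SYN."""
    counts = Counter((src, dst, sport, dport) for _, src, dst, sport, dport, _ in packets)
    syn_openers = {(s, d, sp, dp) for _, s, d, sp, dp, fl in packets if fl == TCP_SYN}
    return {flow: {"packets": n, "syn_opener": flow in syn_openers} for flow, n in counts.items()}


# Constructed capture: a three-way handshake and one HTTP request between documentation addresses.
SAMPLE_PCAP = build_pcap([
    build_frame("198.51.100.5", "203.0.113.10", 40000, 80, TCP_SYN),
    build_frame("203.0.113.10", "198.51.100.5", 80, 40000, TCP_SYN | TCP_ACK),
    build_frame("198.51.100.5", "203.0.113.10", 40000, 80, TCP_ACK, b"GET / HTTP/1.1\r\n\r\n"),
])

if __name__ == "__main__":
    for flow, info in flow_summary(parse_pcap(SAMPLE_PCAP)).items():
        print(flow, info)
```

Feeding parse_pcap the bytes of a real tcpdump or Wireshark capture (classic .pcap, Ethernet link type) yields the same tuples, which is the raw material for the "need to store the packets to find the behaviour" step on the earlier slide; the flow summary is the first reduction an analyst makes before opening individual packets in Wireshark.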

Conclusion
- Network forensics is a real-world method of initially identifying and responding to computer crimes and policy violations
- With data mining tools, network engineers have the data they need to identify and fix problems
- Security teams can reconstruct the sequence of events
