Cargando…
Learning network forensics : identify and safeguard your network against both internal and external threats, hackers, and malware attacks /
Identify and safeguard your network against both internal and external threats, hackers, and malware attacks About This Book Lay your hands on physical and virtual evidence to understand the sort of crime committed by capturing and analyzing network traffic Connect the dots by understanding web prox...
| Clasificación: | Libro Electrónico |
|---|---|
| Autor principal: | |
| Formato: | Electrónico eBook |
| Idioma: | Inglés |
| Publicado: |
Birmingham, UK :
Packt Publishing,
2016.
|
| Colección: | Community experience distilled.
|
| Temas: | |
| Acceso en línea: | Texto completo (Requiere registro previo con correo institucional) |
Tabla de Contenidos:
- Cover; Copyright; Credits; About the Author; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Becoming Network 007s; 007 characteristics in the network world; Bond characteristics for getting to satisfactory completion of the case; The TAARA methodology for network forensics; Identifying threats to the enterprise; Internal threats; External threats; Data breach surveys; Locard's exchange principle; Defining network forensics; Differentiating between computer forensics and network forensics; Strengthening our technical fundamentals; The seven-layer model
- The TCP/IP modelUnderstanding the concept of interconnection between networks/Internet; Internet Protocol (IP); Structure of an IP packet; Transmission Control Protocol (TCP); User Datagram Protocol (UDP); Internet application protocols; Understanding network security; Types of threats; Internal threats; External threats; Network security goals; Confidentiality; Integrity; Availability; How are networks exploited?; Digital footprints; Summary; Chapter 2: Laying Hands on the Evidence; Identifying sources of evidence; Evidence obtainable from within the network
- Evidence from outside the networkLearning to handle the evidence; Rules for the collection of digital evidence; Rule 1: never mishandle the evidence; Rule 2: never work on the original evidence or system; Rule 3: document everything; Collecting network traffic using tcpdump; Installing tcpdump; Understanding tcpdump command parameters; Capturing network traffic using tcpdump; Collecting network traffic using Wireshark; Using Wireshark; Collecting network logs; Acquiring memory using FTK Imager; Summary; Chapter 3: Capturing & Analyzing Data Packets; Tapping into network traffic
- Passive and active sniffing on networksPacket sniffing and analysis using Wireshark; Packet sniffing and analysis using NetworkMiner; Case study
- tracking down an insider; Summary; Chapter 4: Going Wireless; Laying the foundation
- IEEE 802.11; Understanding wireless protection and security; Wired equivalent privacy; Wi-Fi protected access; Wi-Fi Protected Access II; Securing your Wi-Fi network; Discussing common attacks on Wi-Fi networks; Incidental connection; Malicious connection; Ad hoc connection; Non-traditional connections; Spoofed connections; Man-in-the-middle (MITM) connections
- The denial-of-service (DoS) attackCapturing and analyzing wireless traffic; Sniffing challenges in a Wi-Fi world; Configuring our network card; Sniffing packets with Wireshark; Analyzing wireless packet capture; Summary; Chapter 5: Tracking an Intruder on the Network; Understanding Network Intrusion Detection Systems; Understanding Network Intrusion Prevention Systems; Modes of detection; Pattern matching; Anomaly detection; Differentiating between NIDS and NIPS; Using SNORT for network intrusion detection and prevention; The sniffer mode; The packet logger mode