Network forensics /

Mostrar otras versiones (2)

Intensively hands-on training for real-world network forensicsNetwork Forensics provides a uniquely practical guide for IT and law enforcement professionals seeking a deeper understanding of cybersecurity. This book is hands-on all the way--by dissecting packets, you gain fundamental knowledge that...

Descripción completa

Detalles Bibliográficos
Clasificación:Libro Electrónico
Autor principal: Messier, Ric (Autor)
Formato: Electrónico eBook
Idioma:Inglés
Publicado: Indianapolis, IN : Wiley, 2017.
Temas:
Computer networks > Security measures.
Internet > Security measures.
Réseaux d'ordinateurs > Sécurité > Mesures.
Internet > Sécurité > Mesures.
COMPUTERS > Security > General.
Acceso en línea:Texto completo (Requiere registro previo con correo institucional)
Tabla de Contenidos:
  • Cover; Title Page; Copyright; About the Author; About the Technical Editor; Credits; Contents; Introduction; What This Book Covers; How to Use This Book; How This Book Is Organized; Chapter 1: Introduction to Network Forensics; What Is Forensics?; Handling Evidence; Cryptographic Hashes; Chain of Custody; Incident Response; The Need for Network Forensic Practitioners; Summary; References; Chapter 2: Networking Basics; Protocols; Open Systems Interconnection (OSI) Model; TCP/IP Protocol Suite; Protocol Data Units; Request for Comments; Internet Registries; Internet Protocol and Addressing.
  • Internet Protocol AddressesInternet Control Message Protocol (ICMP); Internet Protocol Version 6 (IPv6); Transmission Control Protocol (TCP); Connection-Oriented Transport; User Datagram Protocol (UDP); Connectionless Transport; Ports; Domain Name System; Support Protocols (DHCP); Support Protocols (ARP); Summary; References; Chapter 3: Host-Side Artifacts; Services; Connections; Tools; netstat; nbstat; ifconfig/ipconfig; Sysinternals; ntop; Task Manager/Resource Monitor; ARP; /proc Filesystem; Summary; Chapter 4: Packet Capture and Analysis; Capturing Packets; Tcpdump/Tshark; Wireshark; Taps.
  • Port SpanningARP Spoofing; Passive Scanning; Packet Analysis with Wireshark; Packet Decoding; Filtering; Statistics; Following Streams; Gathering Files; Network Miner; Summary; Chapter 5: Attack Types; Denial of Service Attacks; SYN Floods; Malformed Packets; UDP Floods; Amplification Attacks; Distributed Attacks; Backscatter; Vulnerability Exploits; Insider Threats; Evasion; Application Attacks; Summary; Chapter 6: Location Awareness; Time Zones; Using whois; Traceroute; Geolocation; Location-Based Services; WiFi Positioning; Summary; Chapter 7: Preparing for Attacks; NetFlow; Logging.
  • SyslogWindows Event Logs; Firewall Logs; Router and Switch Logs; Log Servers and Monitors; Antivirus; Incident Response Preparation; Google Rapid Response; Commercial Offerings; Security Information and Event Management; Summary; Chapter 8: Intrusion Detection Systems; Detection Styles; Signature-Based; Heuristic; Host-Based versus Network-Based; Snort; Suricata and Sagan; Bro; Tripwire; OSSEC; Architecture; Alerting; Summary; Chapter 9: Using Firewall and Application Logs; Syslog; Centralized Logging; Reading Log Messages; LogWatch; Event Viewer; Querying Event Logs; Clearing Event Logs.
  • Firewall LogsProxy Logs; Web Application Firewall Logs; Common Log Format; Summary; Chapter 10: Correlating Attacks; Time Synchronization; Time Zones; Network Time Protocol; Packet Capture Times; Log Aggregation and Management; Windows Event Forwarding; Syslog; Log Management Offerings; Timelines; Plaso; PacketTotal; Wireshark; Security Information and Event Management; Summary; Chapter 11: Network Scanning; Port Scanning; Operating System Analysis; Scripts; Banner Grabbing; Ping Sweeps; Vulnerability Scanning; Port Knocking; Tunneling; Passive Data Gathering; Summary.

Ejemplares similares