SlideShare a Scribd company logo

Chapter 12Searching the Network1Purpose of Inves.docx

Download as DOCX, PDF
K
keturahhazelhurst

This document provides guidelines on conducting internal investigations related to network security, focusing on issues like misuse of company resources and intrusion detection. It outlines steps for initial responses, proactive collection methods, and network analysis techniques, including auditing and capturing network traffic. Procedures for dealing with data exports, malicious software, and gathering logs from routers and switches are also discussed.

Education
1 of 4
Download to read offline
1
2
3
4
Chapter 12 Searching the Network 1 Purpose of Investigation Internal investigations Misuse of company resources Penetration analysis Intrusion detection Scope of the Investigation Local area networks Application Service Providers (ASP) Cloud computing Initial Response Identify the actual problem Decide on an action Should the connections be broken or back-traced? Is conviction worth the risk of data loss? Lock down a time frame Isolate the source of the nefarious activity Identify the potential suspect(s) Point of a Response Plan
Have a list of IT personnel available Have tools in place for analyzing network activity Prepare secure lines of communication that can’t be tapped Create and test a plan of action for returning systems to normal Have a good review process in place When to do Proactive Collection Current and ongoing intrusions Ongoing theft of data Misuse of company resources Suspicion of data export Internal systems may have been compromised When ascertaining whether malicious software has been embedded in the system To determine how the intrusion was accomplished Proactive Methods Keyloggers Can be hardware or software based May be subject to legal challenge System auditing Know what to audit and how Collect audit logs before they are automatically deleted Network Capture Determining authenticity Proxy servers alter IP addresses Onion routing encapsulates original packets IP spoofing rewrites the originating IP address Identifying traffic Narrow the range of targeted traffic Identify a specific acquisition window
Performing a Network Capture Put network interface into promiscuous mode Configure utility (such as Wireshark) to collect packets Identify and configure a storage pool for captured traffic Analyzing the Capture Protocol identification IP address inventory Message sessionizing A to B B to A A or B to any Collecting Live Connection Data A small batch file can collect: Time/data information NetBIOS connections User statistics File shares open Open sessions Collect information only as it currently exists Post Incident Collection Event logs Application log Security log System log Application logs (not Windows) Router and Switch Forensics
Don’t analyze device over network Enable logging before connecting to the device Record all volatile information first Record time-date stamps Router Data to Collect Router OS Router logs Startup and running configurations Routing tables Access lists NAT translation tables List of interfaces

More Related Content

PPT
Chapter 2
shahhardik27
 
PPT
Ethical Hacking
shahhardik27
 
PPT
Ethical hacking
shahhardik27
 
PPT
Network forensics1
Santosh Khadsare
 
ODP
Unlock Security Insight from Machine Data
Narudom Roongsiriwong, CISSP
 
PPTX
Network scan
penetration Tester
 
PPT
Introduction To Information Security
belsis
 
PPTX
Penetration testing
PTC
 
Chapter 2
shahhardik27
 
Ethical Hacking
shahhardik27
 
Ethical hacking
shahhardik27
 
Network forensics1
Santosh Khadsare
 
Unlock Security Insight from Machine Data
Narudom Roongsiriwong, CISSP
 
Network scan
penetration Tester
 
Introduction To Information Security
belsis
 
Penetration testing
PTC
 

Similar to Chapter 12Searching the Network1Purpose of Inves.docx (20)

PPTX
Intrusion detection system
Sweta Sharma
 
PDF
Cisel1 d
chandu_sai
 
PPTX
DC612 Day - Hands on Penetration Testing 101
dc612
 
PPTX
Examining computer and evidence collection
gagan deep
 
PDF
What is ethical hacking and complete cyber security presentation on this file
AyushSrivastava673855
 
PDF
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
APNIC
 
PPTX
Network Reconnaissance for Cybersecurity
SivaGopal9
 
PPTX
Anatomy Of Hack
Agnel Chittilappilly
 
PDF
Network Vulnerability and Patching
Emmanuel Udeagha B.
 
PPTX
Cyber warfare introduction
jagadeesh katla
 
PPTX
Introduction to cyber forensics
Anpumathews
 
PPTX
Network Forensics
primeteacher32
 
PPTX
J_McConnell_LabReconnaissance
Juanita McConnell
 
PPT
Meletis Belsis - Introduction to information security
Meletis Belsis MPhil/MRes/BSc
 
PPTX
cyberforensicsv2-191113184409.pptx
PrasannaKumarpanda2
 
PPTX
Forensic tools
Venkata Sreeram
 
PPT
Securitych1
Bhawani Rathore
 
PPTX
lecture5.pptxJHKGJFHDGTFGYIUOIUIPIOIPUOHIYGUYFGIH
Abodahab
 
PPT
Hacking Fundamentals - Jen Johnson , Miria Grunick
amiable_indian
 
DOCX
4777.team c.final
AlexisHarvey8
 
Intrusion detection system
Sweta Sharma
 
Cisel1 d
chandu_sai
 
DC612 Day - Hands on Penetration Testing 101
dc612
 
Examining computer and evidence collection
gagan deep
 
What is ethical hacking and complete cyber security presentation on this file
AyushSrivastava673855
 
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
APNIC
 
Network Reconnaissance for Cybersecurity
SivaGopal9
 
Anatomy Of Hack
Agnel Chittilappilly
 
Network Vulnerability and Patching
Emmanuel Udeagha B.
 
Cyber warfare introduction
jagadeesh katla
 
Introduction to cyber forensics
Anpumathews
 
Network Forensics
primeteacher32
 
J_McConnell_LabReconnaissance
Juanita McConnell
 
Meletis Belsis - Introduction to information security
Meletis Belsis MPhil/MRes/BSc
 
cyberforensicsv2-191113184409.pptx
PrasannaKumarpanda2
 
Forensic tools
Venkata Sreeram
 
Securitych1
Bhawani Rathore
 
lecture5.pptxJHKGJFHDGTFGYIUOIUIPIOIPUOHIYGUYFGIH
Abodahab
 
Hacking Fundamentals - Jen Johnson , Miria Grunick
amiable_indian
 
4777.team c.final
AlexisHarvey8
 

More from keturahhazelhurst (20)

DOCX
1. The ALIVE status of each SEX. (SEX needs to be integrated into th.docx
keturahhazelhurst
 
DOCX
1. Some potentially pathogenic bacteria and fungi, including strains.docx
keturahhazelhurst
 
DOCX
1. Terrestrial Planets                           2. Astronomical.docx
keturahhazelhurst
 
DOCX
1. Taking turns to listen to other students is not always easy f.docx
keturahhazelhurst
 
DOCX
1. The main characters names in The Shape of Things are Adam and E.docx
keturahhazelhurst
 
DOCX
1. Select one movie from the list belowShutter Island (2010; My.docx
keturahhazelhurst
 
DOCX
1. Select a system of your choice and describe the system life-cycle.docx
keturahhazelhurst
 
DOCX
1. Sensation refers to an actual event; perception refers to how we .docx
keturahhazelhurst
 
DOCX
1. The Institute of Medicine (now a renamed as a part of the N.docx
keturahhazelhurst
 
DOCX
1. The Documentary Hypothesis holds that the Pentateuch has a number.docx
keturahhazelhurst
 
DOCX
1. Search the internet and learn about the cases of nurses Julie.docx
keturahhazelhurst
 
DOCX
1. Search the internet and learn about the cases of nurses Julie Tha.docx
keturahhazelhurst
 
DOCX
1. Review the three articles about Inflation that are found below th.docx
keturahhazelhurst
 
DOCX
1. Review the following request from a customerWe have a ne.docx
keturahhazelhurst
 
DOCX
1. Research risk assessment approaches.2. Create an outline .docx
keturahhazelhurst
 
DOCX
1. Research has narrowed the thousands of leadership behaviors into .docx
keturahhazelhurst
 
DOCX
1. Research Topic Super Computer Data MiningThe aim of this.docx
keturahhazelhurst
 
DOCX
1. Research and then describe about The Coca-Cola Company primary bu.docx
keturahhazelhurst
 
DOCX
1. Prepare a risk management plan for the project of finding a job a.docx
keturahhazelhurst
 
DOCX
1. Please define the term social class. How is it usually measured .docx
keturahhazelhurst
 
1. The ALIVE status of each SEX. (SEX needs to be integrated into th.docx
keturahhazelhurst
 
1. Some potentially pathogenic bacteria and fungi, including strains.docx
keturahhazelhurst
 
1. Terrestrial Planets                           2. Astronomical.docx
keturahhazelhurst
 
1. Taking turns to listen to other students is not always easy f.docx
keturahhazelhurst
 
1. The main characters names in The Shape of Things are Adam and E.docx
keturahhazelhurst
 
1. Select one movie from the list belowShutter Island (2010; My.docx
keturahhazelhurst
 
1. Select a system of your choice and describe the system life-cycle.docx
keturahhazelhurst
 
1. Sensation refers to an actual event; perception refers to how we .docx
keturahhazelhurst
 
1. The Institute of Medicine (now a renamed as a part of the N.docx
keturahhazelhurst
 
1. The Documentary Hypothesis holds that the Pentateuch has a number.docx
keturahhazelhurst
 
1. Search the internet and learn about the cases of nurses Julie.docx
keturahhazelhurst
 
1. Search the internet and learn about the cases of nurses Julie Tha.docx
keturahhazelhurst
 
1. Review the three articles about Inflation that are found below th.docx
keturahhazelhurst
 
1. Review the following request from a customerWe have a ne.docx
keturahhazelhurst
 
1. Research risk assessment approaches.2. Create an outline .docx
keturahhazelhurst
 
1. Research has narrowed the thousands of leadership behaviors into .docx
keturahhazelhurst
 
1. Research Topic Super Computer Data MiningThe aim of this.docx
keturahhazelhurst
 
1. Research and then describe about The Coca-Cola Company primary bu.docx
keturahhazelhurst
 
1. Prepare a risk management plan for the project of finding a job a.docx
keturahhazelhurst
 
1. Please define the term social class. How is it usually measured .docx
keturahhazelhurst
 

Recently uploaded (20)

PDF
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
PPTX
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
PDF
O7-L3 Supply Chain Operations - ICLT Program
labyankof
 
PDF
GENETICS IN BIOLOGY IN SECONDARY LEVEL FORM 3
ElishamichaelSamwel
 
PPTX
Introduction-to-Literarature-and-Literary-Studies-week-Prelim-coverage.pptx
EricaRamos80
 
PDF
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 
PDF
Classroom Observation Tools for Teachers
Nicaramirez
 
PPTX
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
PPTX
human mycosis Human fungal infections are called human mycosis..pptx
shilpa939953
 
PDF
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
PDF
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
MarjorieLopezTiu
 
PDF
Abdominal Access Techniques with Prof. Dr. R K Mishra
mohitsuren827
 
PPTX
Institutional Correction lecture only . . .
limvtheghins
 
PDF
Saundersa Comprehensive Review for the NCLEX-RN Examination.pdf
sreejithcareers
 
PDF
RMMM.pdf make it easy to upload and study
sajedul2
 
PPTX
202450812 BayCHI UCSC-SV 20250812 v17.pptx
home
 
PDF
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
PDF
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
ArchitectAFMMohiuddi
 
PPTX
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
PDF
102 student loan defaulters named and shamed – Is someone you know on the list?
Kweku Zurek
 
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
O7-L3 Supply Chain Operations - ICLT Program
labyankof
 
GENETICS IN BIOLOGY IN SECONDARY LEVEL FORM 3
ElishamichaelSamwel
 
Introduction-to-Literarature-and-Literary-Studies-week-Prelim-coverage.pptx
EricaRamos80
 
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 
Classroom Observation Tools for Teachers
Nicaramirez
 
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
human mycosis Human fungal infections are called human mycosis..pptx
shilpa939953
 
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
MarjorieLopezTiu
 
Abdominal Access Techniques with Prof. Dr. R K Mishra
mohitsuren827
 
Institutional Correction lecture only . . .
limvtheghins
 
Saundersa Comprehensive Review for the NCLEX-RN Examination.pdf
sreejithcareers
 
RMMM.pdf make it easy to upload and study
sajedul2
 
202450812 BayCHI UCSC-SV 20250812 v17.pptx
home
 
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
ArchitectAFMMohiuddi
 
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
102 student loan defaulters named and shamed – Is someone you know on the list?
Kweku Zurek
 

Chapter 12Searching the Network1Purpose of Inves.docx

  • 1. Chapter 12 Searching the Network 1 Purpose of Investigation Internal investigations Misuse of company resources Penetration analysis Intrusion detection Scope of the Investigation Local area networks Application Service Providers (ASP) Cloud computing Initial Response Identify the actual problem Decide on an action Should the connections be broken or back-traced? Is conviction worth the risk of data loss? Lock down a time frame Isolate the source of the nefarious activity Identify the potential suspect(s) Point of a Response Plan
  • 2. Have a list of IT personnel available Have tools in place for analyzing network activity Prepare secure lines of communication that can’t be tapped Create and test a plan of action for returning systems to normal Have a good review process in place When to do Proactive Collection Current and ongoing intrusions Ongoing theft of data Misuse of company resources Suspicion of data export Internal systems may have been compromised When ascertaining whether malicious software has been embedded in the system To determine how the intrusion was accomplished Proactive Methods Keyloggers Can be hardware or software based May be subject to legal challenge System auditing Know what to audit and how Collect audit logs before they are automatically deleted Network Capture Determining authenticity Proxy servers alter IP addresses Onion routing encapsulates original packets IP spoofing rewrites the originating IP address Identifying traffic Narrow the range of targeted traffic Identify a specific acquisition window
  • 3. Performing a Network Capture Put network interface into promiscuous mode Configure utility (such as Wireshark) to collect packets Identify and configure a storage pool for captured traffic Analyzing the Capture Protocol identification IP address inventory Message sessionizing A to B B to A A or B to any Collecting Live Connection Data A small batch file can collect: Time/data information NetBIOS connections User statistics File shares open Open sessions Collect information only as it currently exists Post Incident Collection Event logs Application log Security log System log Application logs (not Windows) Router and Switch Forensics
  • 4. Don’t analyze device over network Enable logging before connecting to the device Record all volatile information first Record time-date stamps Router Data to Collect Router OS Router logs Startup and running configurations Routing tables Access lists NAT translation tables List of interfaces