Summary
RIC MESSIER has been program director for various cyber-security and computer forensics programs at Champlain College. A veteran of the networking and computer security field since the early 1980s, he has worked at large Internet service providers and small software companies. He has been responsible for the development of numerous course materials, has served on incident response teams, and has been consulted on forensic investigations for large companies.
Contents

Introduction

Chapter 1: Introduction to Network Forensics
- What Is Forensics?
- Handling Evidence
- Cryptographic Hashes
- Chain of Custody
- Incident Response
- The Need for Network Forensic Practitioners
- Summary
- References

Chapter 2: Networking Basics
- Protocols
- Open Systems Interconnection (OSI) Model
- TCP/IP Protocol Suite
- Protocol Data Units
- Request for Comments
- Internet Registries
- Internet Protocol and Addressing
- Internet Protocol Addresses
- Internet Control Message Protocol (ICMP)
- Internet Protocol Version 6 (IPv6)
- Transmission Control Protocol (TCP)
- Connection-Oriented Transport
- User Datagram Protocol (UDP)
- Connectionless Transport
- Ports
- Domain Name System
- Support Protocols (DHCP)
- Support Protocols (ARP)
- Summary
- References

Chapter 3: Host-Side Artifacts
- Services
- Connections
- Tools
- netstat
- nbstat
- ifconfig/ipconfig
- Sysinternals
- ntop
- Task Manager/Resource Monitor
- ARP
- /proc Filesystem
- Summary

Chapter 4: Packet Capture and Analysis
- Capturing Packets
- Tcpdump/Tshark
- Wireshark
- Taps
- Port Spanning
- ARP Spoofing
- Passive Scanning
- Packet Analysis with Wireshark
- Packet Decoding
- Filtering
- Statistics
- Following Streams
- Gathering Files
- Network Miner
- Summary

Chapter 5: Attack Types
- Denial of Service Attacks
- SYN Floods
- Malformed Packets
- UDP Floods
- Amplification Attacks
- Distributed Attacks
- Backscatter
- Vulnerability Exploits
- Insider Threats
- Evasion
- Application Attacks
- Summary

Chapter 6: Location Awareness
- Time Zones
- Using whois
- Traceroute
- Geolocation
- Location-Based Services
- WiFi Positioning
- Summary

Chapter 7: Preparing for Attacks
- NetFlow
- Logging
- Syslog
- Windows Event Logs
- Firewall Logs
- Router and Switch Logs
- Log Servers and Monitors
- Antivirus
- Incident Response Preparation
- Google Rapid Response
- Commercial Offerings
- Security Information and Event Management
- Summary

Chapter 8: Intrusion Detection Systems
- Detection Styles
- Signature-Based
- Heuristic
- Host-Based versus Network-Based
- Snort
- Suricata and Sagan
- Bro
- Tripwire
- OSSEC
- Architecture
- Alerting
- Summary

Chapter 9: Using Firewall and Application Logs
- Syslog
- Centralized Logging
- Reading Log Messages
- LogWatch
- Event Viewer
- Querying Event Logs
- Clearing Event Logs
- Firewall Logs
- Proxy Logs
- Web Application Firewall Logs
- Common Log Format
- Summary

Chapter 10: Correlating Attacks
- Time Synchronization
- Time Zones
- Network Time Protocol
- Packet Capture Times
- Log Aggregation and Management
- Windows Event Forwarding
- Syslog
- Log Management Offerings
- Timelines
- Plaso
- PacketTotal
- Wireshark
- Security Information and Event Management
- Summary

Chapter 11: Network Scanning
- Port Scanning
- Operating System Analysis
- Scripts
- Banner Grabbing
- Ping Sweeps
- Vulnerability Scanning
- Port Knocking
- Tunneling
- Passive Data Gathering
- Summary

Chapter 12: Final Considerations
- Encryption
- Keys
- Symmetric
- Asymmetric
- Hybrid
- SSL/TLS
- Cloud Computing
- Infrastructure as a Service
- Storage as a Service
- Software as a Service
- Other Factors
- The Onion Router (TOR)
- Summary

Index
The hands-on training you need to develop vital network forensics skills
As cybercrime grows ever more sophisticated, IT and law enforcement professionals have a constantly expanding need for up-to-the-minute skills in identifying, verifying, and preventing network attacks. Network forensics is a dynamic field, and practitioners need to stay on top of ever-evolving threats. To do this effectively, you need hands-on experience.
Network Forensics not only teaches the concepts involved, but also lets you practice taking the steps needed to expose vital evidence. Because network data is always changing and is never stored in a single place, the network forensic specialist must understand how to examine data over time. Network forensics expert Ric Messier provides what you need to know by dissecting packets, using real packet captures and log files to demonstrate how a forensic investigation of network traffic is performed. You'll learn both the "why" and the "how," enabling you to quickly and easily apply your knowledge to actual situations on the job.
Because Network Forensics lets you roll up your sleeves and really practice essential steps, you'll learn to:
- Investigate packet captures to identify network communications involved in an attack or crime
- Locate host-based artifacts left by network communications
- Use logs left behind by network services to correlate with packet captures
- Understand intrusion detection systems and use them for investigative work
- Prepare for an incident by having the right network architecture and systems in place
Technical specifications

Format | Paper
Publisher | Wiley
Author(s) | Ric Messier (author)
Publication date | 14 September 2017
Number of pages | 360
Dimensions | 185 x 233 mm
Weight | 589 g
EAN13 | 9781119328285