Learning Network Forensics

You're reading from Learning Network Forensics: Identify and safeguard your network against both internal and external threats, hackers, and malware attacks

Product type: Paperback
Published in: Feb 2016
Publisher:
ISBN-13: 9781782174905
Length: 274 pages
Edition: 1st Edition
Author: Samir Datt

Table of Contents (12 chapters)
Preface
1. Becoming Network 007s
2. Laying Hands on the Evidence
3. Capturing & Analyzing Data Packets
4. Going Wireless
5. Tracking an Intruder on the Network
6. Connecting the Dots – Event Logs
7. Proxies, Firewalls, and Routers
8. Smuggling Forbidden Protocols – Network Tunneling
9. Investigating Malware – Cyber Weapons of the Internet
10. Closing the Deal – Solving the Case
Index

Understanding network security

We live in a wired (and increasingly wireless) world that grows more interconnected every year. These networks carry most of the world's data, and that data is at great risk.

Today, the more interconnected we are, the more exposed we are. Attacks of increasing sophistication are now automated, cheaply available, and usable by low-skilled criminals, so the threat to our resources is at an all-time high. Sophisticated detection-evasion techniques make the picture even more complicated. Criminals, too, have learned to follow the money: attacks are more focused and targeted, with most of the effort directed at targets that promise a monetary payoff.

Let's take a look at the type of threats that exist.

Types of threats

When we connect our network to the outside world (I know, I know, we have to!), we introduce the possibility of outsiders attempting to exploit our network, steal our data, infect our systems with viruses and Trojans, or overload our servers and degrade their performance.

However, even if our network were disconnected from the outside world, threats would still exist. In fact, most surveys and studies (as mentioned earlier) find that more than half of security incidents are caused by the intentional or unintentional actions of insiders.

It is rarely practical to isolate or air-gap a business network from the outside world, and even if we did, that alone would not make the network secure.

Based on this understanding, we must consider both internal and external threats.

Internal threats

Looking back at history, we find many notable examples of entire kingdoms lost through the actions of insiders. Valuable information such as hidden routes that lead behind an army (backdoors), the type, strengths, and weaknesses of the defenses (scans and vulnerabilities), and access codes and passwords (open sesame), once leaked to the enemy, can cause irreparable loss. Kingdoms and corporations can fall. Sun Tzu, the ancient Chinese strategist and general, strongly recommends the use of insiders to win battles in his treatise, The Art of War. In his view, the best way to win a battle is without a fight.

Threats that originate from within the network tend to be far more serious than those that originate outside.

Just as an unknown enemy inside the walls of a citadel can be lethal, an insider on your network can do great damage unless identified and contained quickly.

Insiders usually have plenty of knowledge about the network, its resources, and its structure, and they have already been granted some level of access in order to do their job. Network security tools such as firewalls, intrusion prevention systems (IPS), and intrusion detection systems (IDS) are usually deployed at the perimeter of the network and face outward, so an insider's activity passes under their radar.

An insider can steal information in many low-tech ways. Simply inserting a USB drive and copying data off the network is a very common way of stealing data. Burning a DVD with the organization's intellectual property and walking off the premises with it still inside a laptop's DVD drive happens quite often. Some of the smarter ones copy the data onto a USB stick and then delete it, so that if the stick is inspected it appears empty; once home, they recover the files with free recovery tools. This works because deleting a file normally removes only its directory entry and leaves the data blocks in place until they happen to be overwritten.

A single insider can be quite dangerous; when multiple insiders work in tandem, the situation is grave. These threats need to be identified and mitigated quickly in order to prevent substantial damage.
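The "empty" USB stick described above is the reason examiners carve a raw image rather than trust the file listing. The following is an added example, not code from the book: it builds a tiny constructed disk image with a made-up directory table (name, offset, size), "deletes" one file by wiping only its directory entry, and then recovers it by scanning the raw bytes for known file signatures. The directory layout, the file names, and the PNG and PDF blobs are all assumptions made for the demo; only the magic bytes and trailers used as signatures are real.

```python
"""Signature-based carving of a 'deleted' file from a raw image (added example)."""
import struct

# Real header/footer signatures; the set is kept small for the demo.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "pdf": (b"%PDF-", b"%%EOF"),
}

# Constructed directory format (an assumption, not a real filesystem):
# 32-byte entries of name(16) | offset(4) | size(4) | pad(8), eight of them at offset 0.
ENTRY = struct.Struct("<16sII8x")
DIR_ENTRIES = 8
DATA_START = 512

# Constructed payloads: real PNG magic + IEND trailer and real PDF header + %%EOF,
# but neither is a viewable/valid document.
PNG_BLOB = (SIGNATURES["png"][0] + b"\x00\x00\x00\x0dIHDR" + b"\x00" * 17
            + b"\x00\x00\x00\x00" + SIGNATURES["png"][1])
PDF_BLOB = b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\ntrailer << /Root 1 0 R >>\n%%EOF"


def write_file(image, index, name, offset, data):
    """Store data at offset and record it in directory slot `index`."""
    image[offset:offset + len(data)] = data
    ENTRY.pack_into(image, index * ENTRY.size, name.encode(), offset, len(data))


def delete_file(image, index):
    """Mimic an ordinary OS delete: wipe the directory entry, leave the data blocks."""
    image[index * ENTRY.size:(index + 1) * ENTRY.size] = b"\x00" * ENTRY.size


def list_files(image):
    """What a casual inspection sees: names of files with a live directory entry."""
    names = []
    for i in range(DIR_ENTRIES):
        name, offset, _size = ENTRY.unpack_from(image, i * ENTRY.size)
        if offset:
            names.append(name.rstrip(b"\x00").decode())
    return names


def carve(image, signatures=SIGNATURES):
    """Recover files by header/footer signature, ignoring the directory entirely.

    Returns (kind, offset, data) tuples sorted by offset.
    """
    found = []
    for kind, (header, footer) in signatures.items():
        pos = image.find(header)
        while pos != -1:
            end = image.find(footer, pos + len(header))
            if end == -1:          # header without a trailer: truncated/overwritten, skip
                break
            end += len(footer)
            found.append((kind, pos, bytes(image[pos:end])))
            pos = image.find(header, end)
    return sorted(found, key=lambda f: f[1])


def build_demo_image():
    """Constructed 4 KiB image: two files written, then the PNG 'deleted'."""
    image = bytearray(4096)
    write_file(image, 0, "design.png", DATA_START, PNG_BLOB)
    write_file(image, 1, "notes.pdf", DATA_START + 512, PDF_BLOB)
    delete_file(image, 0)
    return image


if __name__ == "__main__":
    img = build_demo_image()
    print("directory listing:", list_files(img))
    for kind, offset, data in carve(img):
        print(f"carved {kind} at offset {offset}, {len(data)} bytes")
```

The directory listing shows only `notes.pdf`, while carving recovers both the PDF and the byte-for-byte identical PNG that was "deleted". Real carvers (Scalpel, PhotoRec, foremost) work the same way with far larger signature tables and handling for fragmented files; the lesson for the investigator is that an empty listing proves nothing until the raw blocks have been examined.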

External threats

Usually, external attackers do not have in-depth knowledge of your network, and when they start out they hold no login or access credentials.

Once a potential target is identified, the first step is reconnaissance on the network. The attacker performs a ping sweep to identify the IP addresses that respond to pings and are reachable from the outside (hosts that silently drop ICMP are missed by this step and are found instead with TCP or UDP probes). A port scan is then run against the discovered addresses to identify the open services on each. The operating system (OS) is fingerprinted to learn the make, version, and build deployed, which helps the attacker pick out likely unpatched vulnerabilities. The outsider then exploits a known vulnerability in one of the discovered services to compromise the host. Once in, the attacker works at escalating privileges, covering tracks, and creating backdoors for future unmonitored access, and then uses the system as a platform to attack and compromise other systems on this network and the world at large.
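From the defender's side, the ping sweep and port scan above leave a recognisable shape in perimeter logs: one source touching many hosts with ICMP echo requests, or one source touching many ports on one host with TCP SYNs, inside a short window. The following is an added example, not code from the book: a small detector over constructed log lines in a made-up format (time, source, destination, protocol, key=value fields). The format, the thresholds, and the sample addresses are assumptions for the demo; OS-fingerprinting probes are not modelled.

```python
"""Detect ping sweeps and port scans in constructed perimeter log lines (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds are assumptions for the demo; tune them to your own baseline.
SWEEP_HOSTS = 5                 # distinct hosts pinged by one source within WINDOW
SCAN_PORTS = 10                 # distinct ports SYN-probed on one host within WINDOW
WINDOW = timedelta(seconds=60)

# Constructed log format: "<HH:MM:SS> <src> <dst> <proto> key=value ...".
SAMPLE_LOG = (
    # attacker 203.0.113.5 (TEST-NET-3) sweeps 192.168.1.1-8 with ICMP echo requests
    [f"10:00:{i:02d} 203.0.113.5 192.168.1.{i} ICMP type=8" for i in range(1, 9)]
    # benign traffic mixed in
    + [
        "10:00:05 192.168.1.50 192.168.1.1 ICMP type=8",
        "10:00:06 198.51.100.7 192.168.1.10 TCP dport=443 flags=S",
        "10:00:07 198.51.100.7 192.168.1.10 TCP dport=443 flags=S",
        "10:00:08 192.168.1.10 198.51.100.7 TCP dport=51234 flags=SA",
    ]
    # the same attacker then SYN-scans twelve ports on 192.168.1.10
    + [f"10:00:{10 + n:02d} 203.0.113.5 192.168.1.10 TCP dport={p} flags=S"
       for n, p in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389, 8080])]
)


def parse(line):
    """Split one constructed log line into a dict of fields."""
    ts, src, dst, proto, *kv = line.split()
    fields = dict(item.split("=", 1) for item in kv)
    return {"ts": datetime.strptime(ts, "%H:%M:%S"), "src": src,
            "dst": dst, "proto": proto, **fields}


def distinct_in_window(events, window):
    """Largest number of distinct values seen inside any sliding time window.

    `events` is a list of (timestamp, value) pairs; it is sorted in place.
    """
    events.sort()
    best, start = 0, 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > window:
            start += 1
        best = max(best, len({v for _, v in events[start:end + 1]}))
    return best


def detect_recon(lines, sweep_hosts=SWEEP_HOSTS, scan_ports=SCAN_PORTS, window=WINDOW):
    """Return (kind, source, detail) alerts for ping sweeps and SYN port scans."""
    pings = defaultdict(list)       # src -> [(ts, dst)]
    syns = defaultdict(list)        # (src, dst) -> [(ts, dport)]
    for rec in map(parse, lines):
        if rec["proto"] == "ICMP" and rec.get("type") == "8":       # echo request
            pings[rec["src"]].append((rec["ts"], rec["dst"]))
        elif rec["proto"] == "TCP" and rec.get("flags") == "S":     # bare SYN
            syns[(rec["src"], rec["dst"])].append((rec["ts"], int(rec["dport"])))

    alerts = []
    for src, events in pings.items():
        hosts = distinct_in_window(events, window)
        if hosts >= sweep_hosts:
            alerts.append(("ping_sweep", src, f"{hosts} hosts"))
    for (src, dst), events in syns.items():
        ports = distinct_in_window(events, window)
        if ports >= scan_ports:
            alerts.append(("port_scan", src, f"{ports} ports on {dst}"))
    return alerts


if __name__ == "__main__":
    for kind, src, detail in detect_recon(SAMPLE_LOG):
        print(f"{kind}: {src} -> {detail}")
```

On the sample log the detector raises two alerts, both for 203.0.113.5: a ping sweep across 8 hosts and a SYN scan of 12 ports on 192.168.1.10, while the single ping from 192.168.1.50 and the repeated connections from 198.51.100.7 to port 443 stay below threshold. Counting distinct hosts or ports inside a sliding window, rather than raw packet counts, is what keeps a busy legitimate client from looking like a scanner; a slow scanner that spaces its probes beyond the window is the classic way to evade this kind of rule, which is why the window and thresholds need tuning against your own traffic.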
