Module 2 - Network and Internet Resources Flashcards

Identify components that can be interrogated for network-based forensics; compare the two different types of network traffic analysis/capture; evaluate the placement of network packet capture devices on a network; explain the inherent forensic value of network devices versus servers/workstations.

1
Q

Definition of Network Forensics

A

Marcus Ranum: capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents.

2
Q

Two forms of systems for collecting network data

A

1. “Catch-it-as-you-can”

2. “Stop, look and listen”

3
Q

Catch-it-as-you-can

A

All packets at a traffic point are captured and saved; analysis is done in batch mode. Requires a lot of storage.

4
Q

Stop, look and listen

A

Each packet is analyzed in memory and only selected information is saved for analysis. Requires a faster processor to keep up with traffic.

5
Q

Places for network info collection (3)

A

firewalls
intrusion detection systems (IDS)
packet captures from network forensic devices

6
Q

Advantages of packet capture devices (4)

A
  • Most IDSs dispose of data after signature comparisons
  • Firewalls validate and inspect traffic/packets
  • Packet capture devices record traffic
  • Packet capture devices are usually outside the view of users (can’t be manipulated)
7
Q

Problems with packet capture

A
  • volume of data (terabytes)
  • multiple computers, many are noise

8
Q

Monitoring points for capture devices

A

External - can have one at each entry point
Internal - gets traffic between computers

Problem: multiple capture devices might be cost-prohibitive

9
Q

Network appliance access

A

In cloud-based environments, users may not have access to network appliances:

firewalls
switches
routers

10
Q

NFATs

A

Network Forensic Analysis Tools (network forensic products)

11
Q

Promiscuous Mode

A

Network packet capture devices have NICs that operate in promiscuous mode, i.e. they don’t drop packets that are destined for other NICs.

12
Q

Optimal conditions for network forensics

A
  • controlled environment: owns the LAN or data center
  • cloud environment, but must address the limitation of not having access to hardware
  • hosted environments: must be addressed during the design and implementation phases
13
Q

Interrogation Sources (3)

A
DHCP servers (IP and MAC addresses registered)
DNS servers (computer names)
WINS servers