06.14.07
An Introduction to Network Forensics
By Caitlina Fuller
Have you ever heard of network forensics? Not everyone has, but it is an important field. Network forensics is the capture, recording and analysis of events on a network in order to determine how and why security attacks and other problems occurred. Forensics typically refers to crime investigation, but the term has been borrowed and applied to investigating the security of networks.
There are two main types of network forensic systems for network monitoring. The first type catches and stores all data that passes through a certain point on the network.
A RAID system is typically needed for this, and a lot of storage space is required. The second type saves only selected information from each packet in memory in case it is needed for analysis later. This approach needs a fast processor, but large amounts of storage are less important.
Of course, both methods involve storing a lot of information and periodically erasing old data to make room for new. Some open source programs are available for this, as well as other tools.
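As an added illustration (not from the article), the following Python sketch contrasts the two approaches on constructed traffic: a "catch it all" store that keeps raw packets beside a store that keeps only a timestamp, the 5-tuple and the packet size, with both erasing their oldest entries once a byte budget is exceeded. The 24-byte summary record size and the sample packets are assumptions.

```python
import socket
import struct
from collections import deque

SUMMARY_BYTES = 24  # assumed size of one summary record (timestamp + 5-tuple + length)


def build_ipv4_tcp(src, dst, sport, dport, payload):
    """Constructed sample input: a minimal IPv4+TCP packet, checksums left at zero."""
    total = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 1, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, 0x18, 8192, 0, 0)
    return ip + tcp + payload


def summarize(ts, packet):
    """Second approach: keep only the fields an analyst needs later, not the payload."""
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto = packet[9]
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    ports = struct.unpack("!HH", packet[ihl:ihl + 4]) if proto in (6, 17) else (0, 0)
    return (ts, src, dst, ports[0], ports[1], proto, len(packet))


class BoundedStore:
    """Store with a byte budget; the oldest entries are erased to make room for new ones."""
    def __init__(self, budget):
        self.budget, self.used, self.items = budget, 0, deque()

    def add(self, item, size):
        while self.items and self.used + size > self.budget:
            _, old_size = self.items.popleft()
            self.used -= old_size
        self.items.append((item, size))
        self.used += size


def capture(packets, budget):
    """Feed (timestamp, packet) pairs to both stores; return how many each retained."""
    full, summary = BoundedStore(budget), BoundedStore(budget)
    for ts, pkt in packets:
        full.add(pkt, len(pkt))                         # first approach: whole packet
        summary.add(summarize(ts, pkt), SUMMARY_BYTES)  # second approach: record only
    return len(full.items), len(summary.items)


# Constructed traffic: ten 1440-byte packets from one client to a web server.
SAMPLE = [(i, build_ipv4_tcp("10.0.0.5", "192.0.2.10", 40000 + i, 80, b"X" * 1400))
          for i in range(10)]
```

With a 5000-byte budget the full-capture store keeps only the three newest packets while the summary store keeps all ten, which is the storage trade-off the two approaches make.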
When it comes to network forensics, it is important to have a basic understanding of lawful intercept, which covers what information may be intercepted legally. CALEA (the Communications Assistance for Law Enforcement Act) sets out basic requirements in this area that make it easier to understand what is acceptable and what is not.
The first approach to monitoring one's network for potential security attacks has an inherent problem: it captures all data that passes through, so privacy is at risk. Internet Service Providers are not allowed to disclose any information intercepted from users unless the user gives express permission or a court orders it. One network forensics tool of this kind, used by the FBI, is called Carnivore. It is very controversial because it captures information that would otherwise be private.
There is a fine line when it comes to network forensics: ISPs and the like are intent on maintaining a secure Internet, while hackers and other criminals are intent on exploiting every weakness in operating systems and the Internet in general.
So network forensics is very important, but some of its methods can violate user privacy, and that is a problem. Nevertheless, network forensics is evolving, slowly but surely, and will certainly find better ways to capture information in the future without compromising privacy.
About the Author: Caitlina Fuller is a freelance writer.