Network Intrusion Analysis

1st Edition

Methodologies, Tools, and Techniques for Incident Analysis and Response

Authors: Joe Fichera
Paperback ISBN: 9781597499620
eBook ISBN: 9781597499712
Imprint: Syngress
Published Date: 6th April 2006
Page Count: 252
42.95 + applicable tax
33.99 + applicable tax
54.95 + applicable tax
Unavailable
Compatible Not compatible
VitalSource PC, Mac, iPhone & iPad Amazon Kindle eReader
ePub & PDF Apple & PC desktop. Mobile devices (Apple & Android) Amazon Kindle eReader
Mobi Amazon Kindle eReader Anything else

Institutional Access


Description

Nearly every business depends on its network to provide information services to carry out essential activities, and network intrusion attacks have been growing increasingly frequent and severe. When network intrusions do occur, it’s imperative that a thorough and systematic analysis and investigation of the attack is conducted to determine the nature of the threat and the extent of information lost, stolen, or damaged during the attack. A thorough and timely investigation and response can serve to minimize network downtime and ensure that critical business systems are maintained in full operation.

Network Intrusion Analysis teaches the reader about the various tools and techniques to use during a network intrusion investigation. The book focuses on the methodology of an attack as well as the investigative methodology, challenges, and concerns. This is the first book that provides such a thorough analysis of network intrusion investigation and response.

Network Intrusion Analysis addresses the entire process of investigating a network intrusion by:
Providing a step-by-step guide to the tools and techniques used in the analysis and investigation of a network intrusion.
Providing real-world examples of network intrusions, along with associated workarounds.
*Walking you through the methodology and practical steps needed to conduct a thorough intrusion investigation and incident response, including a wealth of practical, hands-on tools for incident assessment and mitigation.

Key Features

  • Network Intrusion Analysis addresses the entire process of investigating a network intrusion
  • Provides a step-by-step guide to the tools and techniques used in the analysis and investigation of a network intrusion
  • Provides real-world examples of network intrusions, along with associated workarounds
  • Walks readers through the methodology and practical steps needed to conduct a thorough intrusion investigation and incident response, including a wealth of practical, hands-on tools for incident assessment and mitigation

Readership

Professionals (Network Administrators, IT Managers, Security Managers, Security Analysts, Directors of Security, etc.) IT Security Professionals (Security Auditors, Security Engineers, Compliance Specialists, etc.)

Table of Contents

Acknowledgement

Preface

Intended Audience

Organization of this book

Chapter 1. Introduction

Introducing Network Intrusion Analysis

Chapter 2. Intrusion Methodologies and Artifacts

Stage 1: Pre-Intrusion Actions: AKA Reconnaissance

Stage 2: Intrusion Methods

References

Chapter 3. Incident Response

Introduction

Section 1: Methodology

Trusted Toolset

Commercial Triage Tools

Section 2 Memory Acquisition

Introduction

Acquisition

Mdd_1.3.exe

Usage

Win32dd

FTK Imager

Conclusion

References

Chapter 4. Volatile Data Analysis

Introduction

What is Volatile Data?

What is Non-Volatile Data?

Section 1: Collection Tools

Commercial Triage Tools

EnCase Portable, Guidance Software, Inc.

US-LATT, WetStone Technologies, Inc.

Section 2: Memory Analysis

RAM Analysis

References

Chapter 5. Network Analysis

Introduction

Methodology

Network Traffic

Snort

Packet Analysis Tools

Wireshark

Analyzing Data with Wireshark

Netwitness Investigator

Analyzing Data with Netwitness

Log Analysis

Witness Devices

Viewing, Acquiring, Triaging Devices over the Network

References

Chapter 6. Host Analysis

Introduction

Methodology

References

Chapter 7. Malware Analysis

Introduction

Malware Sandbox Creation

Behavioral Analysis Walkthrough

Step 2: Starting the Monitoring Applications

Reporting

Conclusion

References

Chapter 8. Reporting After Analysis

Introduction

Getting Started

The Report Header

Index

Details

No. of pages:
252
Language:
English
Copyright:
© Syngress 2013
Published:
Imprint:
Syngress
eBook ISBN:
9781597499712
Paperback ISBN:
9781597499620

About the Author

Joe Fichera

Joe Fichera is a Sr. Consultant for a global corporation. He is a former computer forensic leader, instructor and curriculum developer for to the Defense Cyber Investigations Training Academy. He holds the following certifications; CISSP, EnCE, EnCEP, CCE, ACE, CTT+, SCNS, A+, Network+, and MCP certifications.

Reviews

"Not only does this book teach you about network intrusion analysis, it also gives you knowledge of how intrusions are performed. This inside information helps give you a better picture of what's really going on when you are investigating a compromise." --Derrick Rountree, CISSP, CASP, MCSE