Network Intrusion Analysis
eBook - ePub

Methodologies, Tools, and Techniques for Incident Analysis and Response

  1. 252 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android

About This Book

Nearly every business depends on its network to provide information services to carry out essential activities, and network intrusion attacks have been growing increasingly frequent and severe. When network intrusions do occur, it's imperative that a thorough and systematic analysis and investigation of the attack is conducted to determine the nature of the threat and the extent of information lost, stolen, or damaged during the attack. A thorough and timely investigation and response can serve to minimize network downtime and ensure that critical business systems are maintained in full operation.

Network Intrusion Analysis teaches the reader about the various tools and techniques to use during a network intrusion investigation. The book focuses on the methodology of an attack as well as the investigative methodology, challenges, and concerns. This is the first book that provides such a thorough analysis of network intrusion investigation and response.

Network Intrusion Analysis addresses the entire process of investigating a network intrusion by:
  • Providing a step-by-step guide to the tools and techniques used in the analysis and investigation of a network intrusion.
  • Providing real-world examples of network intrusions, along with associated workarounds.
  • Walking you through the methodology and practical steps needed to conduct a thorough intrusion investigation and incident response, including a wealth of practical, hands-on tools for incident assessment and mitigation.

Network Intrusion Analysis by Joe Fichera and Steven Bolt is available in PDF and ePUB format, in the Computer Science & Cyber Security category.

Information

Publisher
Syngress
Year
2012
ISBN
9781597499712

Chapter 1

Introduction

Introducing Network Intrusion Analysis

When we first discussed writing this book our main question was, what is the goal of the book? We did not want it to be just another text book that someone could read and maybe understand. Our goal was to make it a learning guide. We wanted the reader to be able to follow along and work through the analysis as they read.
The book will provide the reader with an inside look at not only the analysis of a network intrusion but also the process of conducting the intrusion itself.
As the great Sun Tzu has stated:
"So a military force has no constant formation, water has no constant shape: the ability to gain victory by changing and adapting according to the opponent is called genius."1
– Sun Tzu, The Art of War.
The intrusion analyst must be able to adapt to the ever-changing tactics used by intruders. The analyst must also keep current with emerging technologies, hardware, and applications. You will never stop learning in this field, which makes for a very exciting career.
This guide is not intended to make the reader a "Hacker," because, as we can attest, we are not. What the reader will hopefully get from this guide is an understanding of the process involved in both the intrusion of a network and the analysis of that intrusion. The techniques and processes you will learn in this guide will give you a solid foundation that you can then build upon. Once you have this solid foundation, you will have the skills required to adapt to changing attacks and intrusions. You can adapt new tools and techniques that you learn to meet your analysis style and needs. An intrusion analyst faces many challenges. Some are easily overcome, while others may never be. You will run into challenges that are outside your area of control, and for those you can only suggest ways to alleviate them.
Some of the challenges you will encounter include:
• Networks of global proportion.
• Multiple operating system environments.
• Larger organizations will have teams of people performing separate facets of the entire analysis process.
• Polymorphic attacks.
• Zero-day exploits.
• APT (advanced persistent threats).
• Tracing sources.
• Time, money, and resources.
• International laws.
These are just a few, and we could spend many hours deliberating a complete list. The point is that you will always have challenges; how you deal with them is what will separate you from the crowd.
The first process we will explore is that of the attacker. There are five base phases of an intrusion. You will hear them referred to in many different ways. In this book we will refer to them as the following:
1. Pre-intrusion actions.
2. Intrusion methods.
3. Maintaining access.
4. Exploitation.
5. Post-exploitation actions.
Outside of this text, you may also hear these phases referred to as:
1. Reconnaissance.
2. Attack.
3. Entrenchment.
4. Abuse.
5. Obfuscation.
Whichever names you choose is irrelevant. You must, however, understand what occurs during each phase and where you may find potential evidence.
The process for conducting an analysis is also made up of phases and steps that need to be taken. We will introduce you to one set of core steps to follow when conducting a network intrusion analysis. This is where your ability to change and adapt according to the evidence comes into play. That ability comes with time, experience, and a desire to learn.
We will guide you through the following steps/phases of an analysis:
1. Incident response (probably the most critical step).
2. Volatile data analysis.
3. Network analysis.
4. Host analysis.
5. Malware analysis.
6. Remediation.
7. Finalizing the analysis.
Each of the following chapters will walk you through one aspect of either an intrusion into a network or the analysis of that intrusion. Along the way you will be provided with tips, tricks, and step-by-step actions. A list of all the tools used will be provided. They include open-source tools, which you can download as needed, and commercial products, which you must purchase if desired.
In summary, this book is not meant to be the all-inclusive, definitive guide to network intrusion analysis. That project would end up being the size of the complete Encyclopedia Britannica, which we have no intention of writing. This book is meant to be a foundation-building reference for the individual looking to start a career in this line of work. The chapters ahead will provide you with that solid foundation and an understanding of the skills needed.
1 The Art of War, Sun Tzu. Translated by Thomas Cleary. Shambhala Publications, Inc., 1988, p. 113.

Chapter 2

Intrusion Methodologies and Artifacts

In this chapter we will explore the five stages of an intrusion. During each stage you will learn different techniques that an attacker may use. You will also see examples of the various pieces of evidence and where they may be left behind. We will walk through a very simple example of an intrusion from stage 1 right through stage 5. In the remaining chapters we will then walk through the process of investigating that intrusion. You are encouraged to download the tools used and follow along, have fun, and learn. You are also encouraged to continue to explore and learn about the many other tools available.

Stage 1: Pre-Intrusion Actions: AKA Reconnaissance

This stage involves gathering as much information about the target as you can. There are generally two types of reconnaissance: passive and active. We will take a look at some different techniques for both types.
Passive recon involves gathering information without "touching" the target. Generally, your target will not be aware of your actions. As I am sure you are aware, the Internet provides a...

Table of contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Acknowledgement
  6. Preface
  7. Chapter 1. Introduction
  8. Chapter 2. Intrusion Methodologies and Artifacts
  9. Chapter 3. Incident Response
  10. Chapter 4. Volatile Data Analysis
  11. Chapter 5. Network Analysis
  12. Chapter 6. Host Analysis
  13. Chapter 7. Malware Analysis
  14. Chapter 8. Reporting After Analysis
  15. Index