
Module: 08

Network Forensics

LEARNING OBJECTIVES

The learning objectives of this module are to:

LO#01: Understand Network Forensics

LO#02: Explain Logging Fundamentals and Network Forensic Readiness

LO#03: Summarize Event Correlation Concepts

LO#04: Identify Indicators of Compromise (IoCs) from Network Logs

LO#05: Investigate Network Traffic

LO#06: Perform Incident Detection and Examination with SIEM Tools

LO#07: Monitor and Detect Wireless Network Attacks

Learning Objective

Understand Network Forensics

Postmortem and Real-Time Analysis

Network Attacks

Indicators of Compromise (IOCs)

Where to Look for Evidence

Types of Network-based Evidence

Explain Logging Fundamentals and Network Forensic Readiness

Log Files as Evidence

Legal Criteria for Admissibility of Logs as Evidence

Legal Criteria for Admissibility of Logs as Evidence (Cont’d)

Legal Criteria for Admissibility of Logs as Evidence (Cont’d)

Records of Regularly Conducted Activity as Evidence

Guidelines to Ensure Log File Credibility and Usability

Ensure Log File Authenticity

Centralized Logging Best Practices

Addressing the Challenges in Centralized Log Management

Summarize Event Correlation Concepts

Event Correlation

Types of Event Correlation

Event Correlation Approaches

Event Correlation Approaches (Cont’d)

Event Correlation Approaches (Cont’d)

Event Correlation Approaches (Cont’d)

Identify Indicators of Compromise (IoCs) from Network Logs

Analyzing Firewall Logs

Analyzing Firewall Logs: Cisco

Analyzing Firewall Logs: Cisco (Cont’d)

Analyzing Firewall Logs: Cisco (Cont’d)

Analyzing Firewall Logs: Cisco (Cont’d)

Analyzing Firewall Logs: Check Point

Analyzing Firewall Logs: Check Point (Cont’d)

Analyzing Firewall Logs: Check Point (Cont’d)

Analyzing Firewall Logs: Check Point (Cont’d)

Analyzing Firewall Logs: Check Point (Cont’d)

Analyzing IDS Logs

Analyzing IDS Logs: Juniper

Analyzing IDS Logs: Juniper (Cont’d)

Analyzing IDS Logs: Juniper (Cont’d)

Analyzing IDS Logs: Juniper (Cont’d)

Analyzing IDS Logs: Check Point

Analyzing IDS Logs: Check Point (Cont’d)

Analyzing Honeypot Logs

Analyzing Router Logs

Analyzing Router Logs (Cont’d)

Analyzing Router Logs (Cont’d)

Analyzing Router Logs: Cisco

Analyzing Router Logs: Cisco (Cont’d)

Analyzing Router Logs: Cisco (Cont’d)

Analyzing Router Logs: Cisco (Cont’d)

Analyzing Router Logs: Cisco (Cont’d)

Analyzing Router Logs: Juniper

Analyzing Router Logs: Juniper (Cont’d)

Analyzing DHCP Logs

Investigate Network Traffic

Why Investigate Network Traffic?

Gathering Evidence via Sniffers

Sniffing Tool: Tcpdump

Sniffing Tool: Wireshark

Display Filters in Wireshark

Analyze Traffic for TCP SYN Flood DoS Attack

Analyze Traffic for SYN-FIN Flood DoS Attack

Analyze Traffic for FTP Password Cracking Attempts

Analyze Traffic for SMB Password Cracking Attempts

Analyze Traffic for Sniffing Attempts

Analyze Traffic for MAC Flooding Attempt

Analyze Traffic for ARP Poisoning Attempt

Analyze Traffic to Detect Malware Activity

Perform Incident Detection and Examination with SIEM Tools

Centralized Logging Using SIEM Solutions

SIEM Solutions: Splunk Enterprise Security (ES)

SIEM Solutions: IBM QRadar

Examine Brute-force Attack

Examine DoS Attack

Examine Malware Activity

Examine Data Exfiltration Attempts over FTP

Examine Network Scanning Attempts

Examine Ransomware Attack

Examine Ransomware Attack (Cont’d)

Examine Ransomware Attack (Cont’d)

Examine Ransomware Attack (Cont’d)

Examine Ransomware Attack (Cont’d)

Examine Ransomware Attack (Cont’d)

Detect Rogue DNS Server (DNS Hijacking / DNS Spoofing)

Monitor and Detect Wireless Network Attacks

Wireless Network Security Vulnerabilities

Monitoring for Attacks and Vulnerabilities

Detect Rogue Access Points

Detect Access Point MAC Address Spoofing Attempts

Detect Misconfigured Access Points

Detect Honeypot Access Points

Detect Signal Jamming Attack

Module Summary
