Book Image

Learning Network Forensics

By : Samir Datt
Book Image

Learning Network Forensics

By: Samir Datt

Overview of this book

We live in a highly networked world. Every digital device—phone, tablet, or computer is connected to each other, in one way or another. In this new age of connected networks, there is network crime. Network forensics is the brave new frontier of digital investigation and information security professionals to extend their abilities to catch miscreants on the network. The book starts with an introduction to the world of network forensics and investigations. You will begin by getting an understanding of how to gather both physical and virtual evidence, intercepting and analyzing network data, wireless data packets, investigating intrusions, and so on. You will further explore the technology, tools, and investigating methods using malware forensics, network tunneling, and behaviors. By the end of the book, you will gain a complete understanding of how to successfully close a case.
Table of Contents (17 chapters)
Learning Network Forensics
About the Author
About the Reviewers

Understanding Network Intrusion Prevention Systems

In the earlier section, we spent considerable time understanding NIDS. This has built a solid foundation, which we will find useful when moving on toward understanding NIPS.

Unlike a NIDS, which is a passive system, a NIPS is an active system that monitors network traffic and takes immediate preemptive action when a threat is detected. Intrusions are normally followed very quickly by vulnerability exploits. These are usually in the form of a malicious injection of data into an application or service with the objective of interrupting and gaining control of a machine or application. This could result in a denial of service (disabling applications or services), misusing existing privileges (rights and permissions) or escalating them for misuse, and gaining control of systems or resources.

In the information security world, most exploits come with an expiration date. This is because the moment an exploit has been identified, software vendors...