Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 13: Advanced Security and Beyond

Published byAlfredo Strange Modified over 9 years ago

Similar presentations

Presentation on theme: "Chapter 13: Advanced Security and Beyond"— Presentation transcript:

1 Chapter 13: Advanced Security and Beyond
Security+ Guide to Network Security Fundamentals Second Edition

2 Objectives Define computer forensics
Respond to a computer forensics incident Harden security through new solutions List information security jobs and skills Security+ Guide to Network Security Fundamentals, 2e

3 Understanding Computer Forensics
Computer forensics can attempt to retrieve information—even if it has been altered or erased—that can be used in the pursuit of the criminal The interest in computer forensics is heightened: High amount of digital evidence Increased scrutiny by legal profession Higher level of computer skills by criminals Security+ Guide to Network Security Fundamentals, 2e

4 Forensics Opportunities and Challenges
Computer forensics creates opportunities to uncover evidence impossible to find using a manual process One reason that computer forensics specialists have this opportunity is due to the persistence of evidence Electronic documents are more difficult to dispose of than paper documents Security+ Guide to Network Security Fundamentals, 2e

5 Forensics Opportunities and Challenges (continued)
Ways computer forensics is different from standard investigations: Volume of electronic evidence Distribution of evidence Dynamic content False leads Encrypted evidence Hidden evidence Security+ Guide to Network Security Fundamentals, 2e

6 Responding to a Computer Forensics Incident
Generally involves four basic steps similar to those of standard forensics: Secure the crime scene Collect the evidence Establish a chain of custody Examine and preserve the evidence Security+ Guide to Network Security Fundamentals, 2e

7 Securing the Crime Scene
Physical surroundings of the computer should be clearly documented Photographs of the area should be taken before anything is touched Cables connected to the computer should be labeled to document the computer’s hardware components and how they are connected Team takes custody of the entire computer along with the keyboard and any peripherals Security+ Guide to Network Security Fundamentals, 2e

8 Preserving the Data Computer forensics team first captures any volatile data that would be lost when computer is turned off and moves data to a secure location Includes any data not recorded in a file on the hard drive or an image backup: Contents of RAM Current network connections Logon sessions Network configurations Open files Security+ Guide to Network Security Fundamentals, 2e

9 Preserving the Data (continued)
After retrieving volatile data, the team focuses on the hard drive Mirror image backup (or bit-stream backup) is an evidence-grade backup because its accuracy meets evidence standards Mirror image backups are considered a primary key to uncovering evidence; they create exact replicas of the computer contents at the crime scene Mirror image backups must meet the criteria shown on pages 452 and 453 of the text Security+ Guide to Network Security Fundamentals, 2e

10 Establishing the Chain of Custody
As soon as the team begins its work, must start and maintain a strict chain of custody Chain of custody documents that evidence was under strict control at all times and no unauthorized person was given the opportunity to corrupt the evidence Security+ Guide to Network Security Fundamentals, 2e

11 Examining Data for Evidence
After a computer forensics expert creates a mirror image of system, original system should be secured and the mirror image examined to reveal evidence All exposed data should be examined for clues Hidden clues can be mined and exposed as well Microsoft Windows operating systems use Windows page file as a “scratch pad” to write data when sufficient RAM is not available Security+ Guide to Network Security Fundamentals, 2e

12 Examining Data for Evidence (continued)
Slack is another source of hidden data Windows computers use two types of slack RAM slack: pertains only to the last sector of a file If additional sectors are needed to round out the block size for the last cluster assigned to the file, a different type of slack is created File slack (sometimes called drive slack): padded data that Windows uses comes from data stored on the hard drive Security+ Guide to Network Security Fundamentals, 2e

13 Examining Data for Evidence (continued)
Security+ Guide to Network Security Fundamentals, 2e

14 Examining Data for Evidence (continued)
Security+ Guide to Network Security Fundamentals, 2e

15 Examining Data for Evidence (continued)
Security+ Guide to Network Security Fundamentals, 2e

16 Hardening Security Through New Solutions
Number of attacks reported, sophistication of attacks, and speed at which they spread continues to grow Recent attacks include characteristics listed on pages 457 and 458 of the text Defenders are responding to the increase in the level and number of attacks New techniques and security devices are helping to defend networks and systems The most recent developments and announcements are listed on pages 458 and 459 of the text Security+ Guide to Network Security Fundamentals, 2e

17 Exploring Information Security Jobs and Skills
Need for information security workers will continue to grow for the foreseeable future Information security personnel are in short supply; those in the field are being rewarded well Security budgets have been spared the drastic cost-cutting that has plagued IT since 2001 Companies recognize the high costs associated with weak security and have decided that prevention outweighs cleanup Security+ Guide to Network Security Fundamentals, 2e

18 Exploring Information Security Jobs and Skills (continued)
Most industry experts agree security certifications continue to be important Preparing for the Security+ certification will help you solidify your knowledge and skills in cryptography, firewalls, and other important security defenses Security+ Guide to Network Security Fundamentals, 2e

19 TCP/IP Protocol Suite One of the most important skills is a strong knowledge of the foundation upon which network communications rests, namely Transmission Control Protocol/Internet Protocol (TCP/IP) Understanding TCP/IP concepts helps effectively troubleshoot computer network problems and diagnose possible anomalous behavior on a network Security+ Guide to Network Security Fundamentals, 2e

20 Packets No matter how clever the attacker is, they still must send their attack to your computer with a packet To recognize the abnormal, you must first understand what is normal Security+ Guide to Network Security Fundamentals, 2e

21 Firewalls Firewalls are essential tools on all networks and often provide a first layer of defense Network security personnel should have a strong background of how firewalls work, how to create access control lists (ACLs) to mirror the organization’s security policy, and how to tweak ACLs to balance security with employee access Security+ Guide to Network Security Fundamentals, 2e

22 Routers Routers form the heart of a TCP/IP network
Configuring routers for both packet transfer and packet filtering can become very involved Security+ Guide to Network Security Fundamentals, 2e

23 Intrusion-Detection Systems (IDS)
Security professionals should know how to administer and maintain an IDS Capabilities of these systems has increased dramatically since first introduced, making them mandatory for today’s networks One problem is that IDS can produce an enormous amount of data that requires checking Security+ Guide to Network Security Fundamentals, 2e

24 Other Skills A programming background is another helpful tool for security workers Security workers should also be familiar with penetration testing Once known as “ethical hacking,” probes vulnerabilities in systems, networks, and applications Security+ Guide to Network Security Fundamentals, 2e

25 Computer Forensic Skills
Computer forensic specialists require an additional level of training and skills: Basic forensic examinations Advanced forensic examinations Incident responder skills Managing computer investigations Security+ Guide to Network Security Fundamentals, 2e

26 Summary Forensic science is application of science to questions of interest to the legal profession Several unique opportunities give computer forensics the ability to uncover evidence that would be extremely difficult to find using a manual process Computer forensics also has a unique set of challenges that are not found in standard evidence gathering, including volume of electronic evidence, how it is scattered in numerous locations, and its dynamic content Security+ Guide to Network Security Fundamentals, 2e

27 Summary (continued) Searching for digital evidence includes looking at “obvious” files and messages Need for information security workers will continue to grow, especially in computer forensics Skills needed in these areas include knowledge of TCP/IP, packets, firewalls, routers, IDS, and penetration testing Security+ Guide to Network Security Fundamentals, 2e

Download ppt "Chapter 13: Advanced Security and Beyond"

Similar presentations

Computer Forensic Analysis By Aaron Cheeseman Excerpt from Investigating Computer-Related Crime By Peter Stephenson (2000) CRC Press LLC - Computer Crimes.

Computer Forensic Analysis By Aaron Cheeseman Excerpt from Investigating Computer-Related Crime By Peter Stephenson (2000) CRC Press LLC - Computer Crimes.
Computer Forensics.

Computer Forensics.
Chapter 13: Advanced Security and Beyond Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 13: Advanced Security and Beyond Security+ Guide to Network Security Fundamentals Second Edition.
Albrecht, Albrecht, Albrecht, Zimbelman © 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except.

Albrecht, Albrecht, Albrecht, Zimbelman © 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except.
Network+ Guide to Networks, Fourth Edition

Network+ Guide to Networks, Fourth Edition
Evidence Collection & Admissibility Computer Forensics BACS 371.

Evidence Collection & Admissibility Computer Forensics BACS 371.
Guide to Computer Forensics and Investigations, Second Edition

Guide to Computer Forensics and Investigations, Second Edition
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.
COS/PSA 413 Day 3. Agenda Questions? Blackboard access? Assignment 1 due September 3:35PM –Hands-On Project 1-2 and 2-2 on page 26 of the text Finish.

COS/PSA 413 Day 3. Agenda Questions? Blackboard access? Assignment 1 due September 3:35PM –Hands-On Project 1-2 and 2-2 on page 26 of the text Finish.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Network+ Guide to Networks, Fourth Edition Chapter 1 An Introduction to Networking.

Network+ Guide to Networks, Fourth Edition Chapter 1 An Introduction to Networking.
Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.

Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
COEN 252 Computer Forensics Forensic Duplication of Hard Drives.

COEN 252 Computer Forensics Forensic Duplication of Hard Drives.
COEN 252 Computer Forensics

COEN 252 Computer Forensics
Guide to Computer Forensics and Investigations, Second Edition

Guide to Computer Forensics and Investigations, Second Edition
Chapter 4: Security Baselines Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 4: Security Baselines Security+ Guide to Network Security Fundamentals Second Edition.
Section 11.1 Identify customer requirements Recommend appropriate network topologies Gather data about existing equipment and software Section 11.2 Demonstrate.

Section 11.1 Identify customer requirements Recommend appropriate network topologies Gather data about existing equipment and software Section 11.2 Demonstrate.

Similar presentations

Ads by Google