Network Evidence Collection and Forensics Analysis


Question Description

Project 1 Start Here

Networks can have a variety of security and defense strategies. Network forensics refers to the capture, recording, and analysis of events that occur on a network in an effort to identify the source of attacks or other incidents. Some organizations have established a robust approach that limits potential exposures, while other organizations may employ a strategy that is open to exploitation. Exploitation can occur within an organization and from outside the organization, and network architecture has a significant influence on how dramatically an exploitation manifests.

An investigator may know that reviewing the firewall logs is important without knowing what to look for. Different situations necessitate looking for different things. There are tools that can be used to provide reports of firewall logs that can help pinpoint activity of interest. It is possible to make a system attack appear to be nothing more than a simple port scan, which can make detection difficult. A tool such as NetStat can provide a picture of the state of network connections on a single system.
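An added example (not part of the original assignment text): one way a firewall-log review can separate a plain port sweep from a source that sweeps and then keeps returning to one allowed port. The log layout, addresses, function names and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample in a hypothetical "time action proto src:sport dst:dport" layout.
def build_sample_log():
    lines = []
    # 198.51.100.7 touches ports 20-39 once each, which looks like a plain scan ...
    for i, port in enumerate(range(20, 40)):
        action = "ALLOW" if port == 22 else "DENY"
        lines.append(f"2024-01-01T10:00:{i:02d} {action} TCP 198.51.100.7:{40000 + i} 10.0.0.5:{port}")
    # ... but the same source keeps coming back to port 22 after the sweep.
    for i in range(8):
        lines.append(f"2024-01-01T10:05:{i:02d} ALLOW TCP 198.51.100.7:{41000 + i} 10.0.0.5:22")
    # 10.0.0.8 is an ordinary internal client talking to one service.
    for i in range(6):
        lines.append(f"2024-01-01T10:06:{i:02d} ALLOW TCP 10.0.0.8:{50000 + i} 10.0.0.5:443")
    return lines

def parse(line):
    """Split one log line into (action, proto, src_ip, dst_ip, dst_port)."""
    _ts, action, proto, src, dst = line.split()
    src_ip = src.rsplit(":", 1)[0]
    dst_ip, dst_port = dst.rsplit(":", 1)
    return action, proto, src_ip, dst_ip, int(dst_port)

def review(lines, scan_threshold=10, repeat_threshold=5):
    """Per source: flag wide sweeps, and allowed targets revisited within a sweep."""
    targets_seen = defaultdict(set)
    allowed_hits = defaultdict(Counter)
    for line in lines:
        action, _proto, src_ip, dst_ip, dst_port = parse(line)
        targets_seen[src_ip].add((dst_ip, dst_port))
        if action == "ALLOW":
            allowed_hits[src_ip][(dst_ip, dst_port)] += 1
    findings = {}
    for src_ip, targets in targets_seen.items():
        if len(targets) < scan_threshold:
            continue  # too few distinct targets to be a sweep
        repeated = sorted(t for t, n in allowed_hits[src_ip].items() if n >= repeat_threshold)
        findings[src_ip] = {"distinct_targets": len(targets), "repeated_allowed": repeated}
    return findings

if __name__ == "__main__":
    for src, info in review(build_sample_log()).items():
        print(src, info)
```

A source with a non-empty `repeated_allowed` list is the one worth pulling packet captures for, since the sweep alone would not explain the repeated allowed connections.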

As part of an investigation, an examiner may also need to review the various types of protocols allowed on a network. This review can include internal traffic as well as protocols leading out of the network. By narrowing down the list of potential protocols, an examiner may also be able to narrow down the options available to a potential attacker. This can also suggest a potential attacker’s modus operandi, which can provide insight into what needs to be modified from a security perspective.

In this project, you will use network forensic techniques to gather and analyze evidence on a network attack and provide recommendations to improve network security for an organization. The project will be completed in five steps. Steps 1–4 consist of exploring network forensics, analyzing incident response, conducting a network analysis using Wireshark, and examining Wireshark results. As you go through each step, you will document your research and findings about network forensics and a network attack. In the final step, you will compile your research and findings to complete a comprehensive incident response report. This report will summarize the field of network forensics, including attack techniques, attack vectors, and digital forensic tools and procedures for analyzing network traffic to understand how a network attack can occur. This final deliverable will conclude with a comprehensive recommendation for network administrators to follow to harden their network infrastructure.

You will be assessed on your final incident report in which you demonstrate your ability to collect network evidence and evaluate data storage, enterprise architecture, information systems, and network security.

Now that you have an idea of the task ahead, review the scenario to get started.


When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.

  • 3.1: Identify numerical or mathematical information that is relevant in a problem or situation.
  • 3.3: Analyze mathematical or statistical information, or the results of quantitative inquiry and manipulation of data.
  • 6.10: Collect network evidence.
  • 9.1: Examine Data Storage and Transport Technologies.
  • 9.2: Evaluate Enterprise Architecture.
  • 9.6: Evaluate Information Systems/Network Security.
  • 9.7: Evaluate Embedded Computers.
