W13
Topic: Since information extracted from router or switch interfaces does not, in most cases, provide specific evidence of a particular crime, what use is the information collected from these devices?
Read and respond to at least two other students' discussions (5-6 lines would be sufficient).
#1.Posted by Srikanth
Routers and switches provide availability, both inside the demilitarized zone (DMZ) environment and to the different areas of the network to which the DMZ is connected. This makes routers and switches prime targets for hackers to exploit and gather data about the network, or just to use as springboards onto other devices. This section presents information on the best way to configure some significant router and switch security features that enable them to run safely and protect the devices they connect. Routers direct traffic throughout the enterprise network and are normally the first line of defense when the network is connected to the Internet. Hackers try to infiltrate routers to gather data or use them as launching pads for further attacks. This is why it is critical to secure switches' management interfaces and services, to make them difficult for an intruder to hack. As with routers, switches have an expanding role in network security. The switch provides many features, including port security. VLANs and PVLANs provide the tools to keep the devices on the DMZ secure. It is also imperative to secure the switch's management interfaces and services so that hackers can't break into the switch to change VLAN configurations, change port settings, or use the switch to connect to other parts of the network.
Network forensics is the capture, recording and analysis of network packets in order to determine the source of network security attacks. The major goal of network forensics is to collect evidence. It tries to analyze network traffic data, which is collected from different sites and different network equipment, such as firewalls and IDS. In addition, it monitors the network to detect attacks and analyze the nature of attackers. Network forensics is also the process of detecting intrusion patterns, focusing on attacker activity.
#2.Posted by Naresh
Digital forensics is a special branch of forensic science that plays a vital role in reducing cyber-crime, including the identification, recovery, investigation, validation and presentation of facts regarding digital evidence found on computers, network devices and storage media that hold digital data. In solving cyber-crimes, evidence collected from network devices like routers and switches is used as a second source of event corroboration, which is extremely useful in determining the root cause of an incident. The ability to obtain network-based evidence depends mainly on the preparations undertaken by the business organization prior to an incident. Without some critical components of a proper infrastructure security program, key pieces of evidence will not be available to incident responders in a timely manner; the critical components of this preparation include appropriate network documentation, up-to-date configurations of network devices, and the deployment and maintenance of a central syslog server.
Turning to the network device as evidence in an investigation, it is necessary to mention what kind of evidence can be extracted from these devices. A range of companies provide these network devices, and in the evidence-collecting process the specialist should become familiar with how to access these devices and obtain the necessary evidence. Switches are the backbone of local area networks, where they handle the traffic for individual segments. Switches have two key points of evidence. The first is the Content Addressable Memory (CAM) table. This CAM table maps the physical ports on the switch to the Network Interface Card (NIC) of each device connected to the switch. This can aid in the identification of possible rogue devices. The second way switches can aid in an incident investigation is by facilitating network traffic capture. The second type of network device is the router, which allows organizations to connect multiple LANs into either Metropolitan Area Networks or Wide Area Networks and handles an extensive amount of traffic. The key piece of evidentiary information that routers contain is the routing table. This table holds the information for the specific physical ports that map to networks.
To identify potential sources of evidence, incident responders need to have a solid understanding of evidence from a wide range of sources. Different types of logs are the key thing when it comes to evidence collection, including logging as close to the event as possible, documenting failures, and logs from compromised systems. Data collected by Discovery on network routers and switches is identified by the table field corresponding to the source or destination, for example "IP address cmdb_ci_network_adapter source from SNMP, IP MIB". In router forensics, some CLI commands ("show access-list", "show clock", "show ip route" and "show startup") produce the relevant evidence that can be used as secondary evidence in most cyber-crime investigations.
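As an added example (it is not part of either student's post), the following Python script shows how the two pieces of evidence Naresh names, the switch CAM table and the router routing table, serve as corroboration rather than proof of a crime. It parses constructed Cisco IOS-style "show mac address-table" and "show ip route" output, flags dynamically learned MACs that are absent from a hypothetical asset inventory (a rogue-device indicator), flags access ports with more than one learned MAC (an unmanaged switch, hub or VM host behind the port), and does a longest-prefix match to say which interface and next hop a suspect IP would have left through. The device output, the inventory and all names are constructed assumptions, not captured data.

```python
"""Corroborating a suspect host from switch CAM and router routing tables.

The sample output below is constructed to mimic Cisco IOS 'show mac
address-table' and 'show ip route'; it is illustrative, not real device data.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed 'show mac address-table' output (assumed format, not real data).
CAM_OUTPUT = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0050.56a1.0b1c    DYNAMIC     Gi1/0/3
  10    0050.56a1.2d3e    DYNAMIC     Gi1/0/4
  10    001b.2101.aa10    DYNAMIC     Gi1/0/4
  20    f8e4.3b11.9c02    DYNAMIC     Gi1/0/7
   1    0019.5600.0001    STATIC      CPU
Total Mac Addresses for this criterion: 5
"""

# Constructed 'show ip route' output (assumed format, not real data).
ROUTE_OUTPUT = """\
Codes: L - local, C - connected, S - static, * - candidate default
Gateway of last resort is 203.0.113.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 203.0.113.1, GigabitEthernet0/0
      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C        10.10.0.0/24 is directly connected, GigabitEthernet0/1
L        10.10.0.1/32 is directly connected, GigabitEthernet0/1
C        10.20.0.0/24 is directly connected, GigabitEthernet0/2
S        10.20.5.0/24 [1/0] via 10.20.0.254, GigabitEthernet0/2
"""

# Hypothetical asset inventory: MACs the organization already knows (assumed).
KNOWN_MACS: Set[str] = {"00:50:56:a1:0b:1c", "00:50:56:a1:2d:3e", "f8:e4:3b:11:9c:02"}


@dataclass(frozen=True)
class CamEntry:
    vlan: int
    mac: str    # normalized aa:bb:cc:dd:ee:ff
    kind: str   # DYNAMIC or STATIC
    port: str


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: Optional[str]   # None for connected/local routes
    interface: str


CAM_RE = re.compile(r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\w+)\s+(\S+)", re.I)
ROUTE_RE = re.compile(
    r"^([A-Z*]+)\s+(\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})\s+"
    r"(?:\[\d+/\d+\]\s+via\s+(\d{1,3}(?:\.\d{1,3}){3}),\s+(\S+)"
    r"|is directly connected,\s+(\S+))"
)


def normalize_mac(dotted: str) -> str:
    """Convert Cisco 'aaaa.bbbb.cccc' to 'aa:aa:bb:bb:cc:cc' for inventory lookups."""
    hexdigits = dotted.replace(".", "").lower()
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def parse_cam_table(text: str) -> List[CamEntry]:
    """Keep only the VLAN/MAC/type/port rows; headers and totals do not match."""
    entries = []
    for line in text.splitlines():
        m = CAM_RE.match(line)
        if m:
            vlan, mac, kind, port = m.groups()
            entries.append(CamEntry(int(vlan), normalize_mac(mac), kind.upper(), port))
    return entries


def find_unknown_macs(entries: List[CamEntry], known: Set[str]) -> List[CamEntry]:
    """Dynamically learned MACs missing from the inventory: candidate rogue devices."""
    return [e for e in entries if e.kind == "DYNAMIC" and e.mac not in known]


def find_shared_ports(entries: List[CamEntry]) -> Dict[str, List[str]]:
    """Ports with more than one learned MAC (switch/hub/VM host behind an access port)."""
    by_port: Dict[str, List[str]] = {}
    for e in entries:
        if e.port != "CPU":
            by_port.setdefault(e.port, []).append(e.mac)
    return {port: macs for port, macs in by_port.items() if len(macs) > 1}


def parse_routes(text: str) -> List[Route]:
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            _code, prefix, via, via_if, conn_if = m.groups()
            routes.append(Route(ipaddress.ip_network(prefix), via, via_if or conn_if))
    return routes


def egress_for(routes: List[Route], ip: str) -> Optional[Route]:
    """Longest-prefix match: the interface/next hop the router would have used for ip."""
    addr = ipaddress.ip_address(ip)
    candidates = [r for r in routes if addr in r.prefix]
    return max(candidates, key=lambda r: r.prefix.prefixlen, default=None)


if __name__ == "__main__":
    cam = parse_cam_table(CAM_OUTPUT)
    for e in find_unknown_macs(cam, KNOWN_MACS):
        print(f"unknown MAC {e.mac} on {e.port} (VLAN {e.vlan})")
    for port, macs in find_shared_ports(cam).items():
        print(f"{port} carries {len(macs)} MACs: {', '.join(macs)}")
    r = egress_for(parse_routes(ROUTE_OUTPUT), "10.20.5.7")
    print(f"10.20.5.7 leaves via {r.interface}, next hop {r.next_hop}")
```

Neither finding names a crime: an unknown MAC on Gi1/0/4 only tells the responder where to pull a port capture or a DHCP lease next, and the route lookup only says which interface's logs and NetFlow records to correlate. Record the output of "show clock" alongside both captures so the device's view of time can be reconciled with the central syslog server.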