Network infrastructure is constantly under threat, and it is the role of network security personnel to ensure that systems are protected from threats and vulnerabilities. Network forensics assists with this by capturing network data and analyzing it to identify attacks and intrusions. This process is critical to the protection of networks that are increasingly under threat. This paper discusses the challenges that face security professionals as they carry out network forensics. The various tools available for forensics are also highlighted and their functionality noted.
Arguably one of the most significant accomplishments of the 20th and 21st centuries was the invention of the computer and the subsequent creation of computer networks. These two entities have transformed the world as far as information processing and communication are concerned.
However, these advancements have also resulted in an increase in the frequency and sophistication of computer crimes. It is therefore imperative that countermeasures be developed to detect and prevent these attacks. Computer forensics, which is closely related to the investigation of cybercrime, supports this effort by aiding computer crime investigation as well as cyber-attack detection and response. Forensics deals with “the collection and analysis of data from computer systems, networks, communication streams and storage media in a manner admissible in a court of law” (Kessler, 2007). This paper will set out to assess the various challenges that network forensics involves as well as the tools that can be used for it.
Conclusive forensics would require a person to go through enormous volumes of data that need analysis. Erbacher reveals that some organizations process huge amounts of data that require forensics, and that current analysis capabilities “are completely lacking in their ability to analyze such large volumes of data” (Erbacher et al., 2006, p.3). As such, security personnel have to decide which data merits their attention, since they are incapable of going through all the data available.
Securing a network is at best a very challenging task, because new software and hardware keep being developed and hence the security implementations of the previous year might prove grossly inadequate this year. These new technologies at times introduce new threats and vulnerabilities against which a network must be protected, while ever more powerful tools for compromising a network are developed at the same time.
Tools for Network Forensics
There are many tools that can be used for network forensics. Packet sniffers are among the most versatile tools in intrusion detection. Sniffer software is used to collect the traffic going into and out of a computer system. Security professionals can then examine the information collected from the captured packets in order to detect anything malicious or unusual (Meghanathan et al., 2009).
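To make concrete what an analyst actually does with sniffer output, the following Python script is an added example written for this page; it is not code from Meghanathan et al. or from any sniffer product. It builds a small, constructed libpcap capture in memory (the standard file format written by tcpdump-style sniffers), parses the Ethernet, IPv4 and TCP headers of every record, and then applies one simple forensic heuristic: grouping connection attempts (SYN without ACK) by source and destination host and reporting sources that touched many distinct ports on a single host. The IP addresses, port numbers and the threshold of 10 ports are assumptions chosen for the illustration.

```python
import struct
from collections import defaultdict

# libpcap file constants (standard format, link type 1 = Ethernet)
PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
TCP_SYN, TCP_ACK = 0x02, 0x10


def ip_to_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))


def bytes_to_ip(raw):
    return ".".join(str(b) for b in raw)


def build_tcp_frame(src_ip, dst_ip, sport, dport, flags=TCP_SYN):
    """Build one Ethernet/IPv4/TCP frame. Constructed sample data: MAC addresses are
    arbitrary and checksums are left at zero, which a parser must tolerate."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64,
                     PROTO_TCP, 0, ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    return eth + ip + tcp


def build_pcap(frames, first_ts=1_700_000_000):
    """Wrap frames in a little-endian libpcap file (24-byte global header, 16-byte record headers)."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", first_ts + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def parse_pcap(data):
    """Yield (ts, src_ip, dst_ip, sport, dport, tcp_flags) for every IPv4/TCP packet in a pcap."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:          # capture was written on a big-endian host
        endian = ">"
    else:
        raise ValueError("not a libpcap capture")
    link_type, = struct.unpack_from(endian + "I", data, 20)
    if link_type != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    offset = 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        pkt = data[offset:offset + incl_len]
        offset += incl_len
        if len(pkt) < 34 or struct.unpack_from("!H", pkt, 12)[0] != ETHERTYPE_IPV4:
            continue                       # truncated record or non-IPv4 frame
        ip = pkt[14:]
        ihl = (ip[0] & 0x0F) * 4           # header length honours IP options
        if ip[9] != PROTO_TCP or len(ip) < ihl + 20:
            continue
        sport, dport = struct.unpack_from("!HH", ip, ihl)
        flags = ip[ihl + 13]
        yield (ts_sec + ts_usec / 1e6, bytes_to_ip(ip[12:16]), bytes_to_ip(ip[16:20]), sport, dport, flags)


def find_port_sweeps(packets, threshold=10):
    """Group connection attempts (SYN set, ACK clear) by (src, dst) and report pairs where
    one source probed at least `threshold` distinct ports on one host.
    The threshold is an assumed tuning value for this illustration, not a standard."""
    probed = defaultdict(set)
    for _ts, src, dst, _sport, dport, flags in packets:
        if flags & (TCP_SYN | TCP_ACK) == TCP_SYN:
            probed[(src, dst)].add(dport)
    return {pair: sorted(ports) for pair, ports in probed.items() if len(ports) >= threshold}


# Constructed sample capture: one host probing 15 ports on a server, plus one
# legitimate HTTPS handshake (SYN and the server's SYN/ACK reply).
SAMPLE_FRAMES = (
    [build_tcp_frame("10.0.0.5", "10.0.0.20", 40000 + p, p) for p in range(1, 16)]
    + [build_tcp_frame("10.0.0.7", "10.0.0.20", 51000, 443),
       build_tcp_frame("10.0.0.20", "10.0.0.7", 443, 51000, flags=TCP_SYN | TCP_ACK)]
)
SAMPLE_PCAP = build_pcap(SAMPLE_FRAMES)


def analyse(pcap_bytes, threshold=10):
    """Parse a capture and return the suspicious (src, dst) pairs with their probed ports."""
    return find_port_sweeps(parse_pcap(pcap_bytes), threshold)


if __name__ == "__main__":
    for (src, dst), ports in analyse(SAMPLE_PCAP).items():
        print(f"{src} -> {dst}: {len(ports)} distinct ports probed ({ports[0]}..{ports[-1]})")
```

The same `parse_pcap` function reads a real capture if it is given the contents of a `.pcap` file written by a sniffer, because the record layout is the standard one; only the sample frames are synthetic. The SYN/ACK reply from the server is deliberately included to show why the heuristic tests the ACK bit as well: without that check, busy servers answering legitimate clients would be reported as scanners.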
Web forensics can be used to examine the browsing activity of a user in order to gather critical information. Web forensic tools include Web Historian and Index.dat Analyzer. Through web forensics, the browsing history of a person can be explored to determine key information such as websites visited, files downloaded from or uploaded to various sites, and cookie information. This information can allow forensic examiners to trace the steps of an intruder.
Another tool that can be used for network security is a honeypot. A honeypot is defined by Lance Spitzner as “a security resource whose value lies in being probed, attacked or compromised” (Pouget, Dacier & Debar, 2003; Spitzner, 2002). Once the system is compromised by an intruder, data on the unauthorized access is collected so that it can be studied, both to learn about the latest trends and tools used by intruders and to help trace the traffic back to the intruder's computer. Honeypots are not designed to prevent a particular intrusion; rather, their objective is to collect information on attacks, enabling administrators to detect attack patterns and make the necessary changes to their systems so as to protect their network infrastructure from such attacks.
Research indicates that several tools and techniques are at the disposal of network security personnel to assist in conducting network forensics. These tools differ in capability, but their application results in the detection of malicious attacks, and they can help protect the network. Research also indicates that intrusion detection and network forensics sometimes overlap. This is because both involve the identification of patterns in network traffic data for particular purposes by the network professional (Erbacher et al., 2006).
Research by Meghanathan et al. (2006) demonstrates that knowledge of tools and techniques for network forensics gives network security personnel the means to deal with intruders and identify risks. This serves multiple functions: protecting the network from opportunistic intruders who are on the lookout for an easy target, preventing access by unauthorized parties and, in the event that the system is compromised, enabling early detection and expulsion of the intruder.
Owing to the critical nature of networks in today’s society, the security of network infrastructure is of great importance. Preventive and detective measures should therefore be employed to improve security. This paper set out to illustrate that network forensics can be used to identify and catch security threats as well as to identify vulnerabilities in a network system. The information obtained can then be used to identify attackers and take legal action against them. From this paper, it is clear that network forensics is a key step in the analysis of network attacks, intrusions, and misuse, and therefore results in a safer network.
Erbacher, R.F., Christiansen, K. & Sundberg, A. (2006). Visual Network Forensic Techniques and Processes. Department of Computer Science, Utah State University, Logan.
Hurley, C. (2006). How to Cheat at Securing a Wireless Network. USA: Syngress.
Kessler, G. (2007). Online Education in Computer and Digital Forensics. Proceedings of the 40th Hawaii International Conference on System Sciences.
Meghanathan, N., Allam, S.R. & Moore, A.L. (2009). Tools and Techniques for Network Forensics. International Journal of Network Security & Its Applications (IJNSA), Vol. 1, No. 1.
Pouget, F., Dacier, M. & Debar, H. (2003). White Paper: Honeypot, Honeynet, Honeytoken: Terminological Issues. Web.