THE ENEMY INSIDE THE GATES – ANALYSIS AND DETECTION EFORENSICS OPEN

Download
File
1410178741wpdm_eForensics_Open_02_2014.pdf

1. THE ENEMY INSIDE THE GATES – A GUIDE TO USING OPEN SOURCE TOOLS FOR NETWORK FORENSICS ANALYSIS
by Phill Shade, Certified instructor for Wireshark University, Expert and Speaker at SHARKFEST’13, internationally recognized Network Security and Forensics Expert

The goal of this brief tutorial is to introduce the concepts and techniques of Network Forensics Analysis including:
- Understanding the principles of Network Forensics Analysis and situations in which to apply them to evidence analysis
- Selecting and configuring Wireshark for Network Forensics Analysis to capture and recognize traffic patterns associated with suspicious network behavior.
- Specialized Network Forensics Analysis techniques, including reconstruction and viewing of suspicious data traffic such as web-browsing sessions, emails or file-transfer activities, for detailed analysis and evidentiary purposes.
- Network security principles, including encryption technologies, defensive configurations of network infrastructure devices, and understanding and recognizing potential network security infrastructure misconfigurations.

2. NETWORK FORENSIC WITH WIRESHARK – DISCOVERING AND ISOLATING DOS/DDOS ATTACKS
by Yoram Orzach, author of “Network Analysis Using Wireshark Cookbook” and various technical articles, experienced in design, implementation, and troubleshooting, along with training for R&D, engineering, and IT groups.

Denial-of-Service (DoS) or Distributed Denial-of-Service (DDoS) attacks are attempts to make a computing or network resource unavailable to its users. There are various types of DoS/DDoS attacks: some load the network to the point where it is blocked for application traffic, some load servers to that point, and some are more sophisticated and try to “confuse” the application servers with bad data. Although there are various tools for detection and prevention of these types of attacks, good old Wireshark can also be used for this purpose. In this article we will see some important features of Wireshark, where to place it for capturing data, and how to use it to identify attack patterns.

3. PACKET ANALYSIS USING WIRESHARK TO AID IN NETWORK FORENSIC INVESTIGATIONS
by Jessica Riccio, Computer Forensics Technician at Burgess Consulting&Forensics

Imagine that you are the manager of a company and receive a tip from an employee that another employee is using his computer to view images that violate the company’s computer use policy. After hearing this information, you want to decide if the allegations made against your employee are true. All you need to do is launch Wireshark and follow Jessica’s guide!

4. CREATING AN INCIDENT RESPONSE PROCESS
by Vincent Beebe, Network Security Advisor at Dell SecureWorks

In today’s technologically advanced society, our response to events is extremely important. This is never truer than when it comes to assets within a company. There are a lot of tools in place in today’s business world to monitor and protect. Unfortunately, in a lot of cases, there is no established process that defines what to do when an alert occurs…

5. A General Approach to Anti-Forensic Activity Detection
by Joshua I. James, Moon Seong Kim, JaeYoung Choi, Sang Seob Lee, Eunjin Kim

The first challenge with detection of ‘anti-forensic’ techniques and tools, however, is to understand what exactly anti-forensics is. A number of works have proposed definitions of anti-forensics; however, Harris gives one of the most comprehensive discussions on the topic, eventually defining anti-forensics as “any attempts to compromise the availability or usefulness of evidence to the forensics process” (Harris, 2006). Other definitions were given prior to this, but – as Harris points out – they focused on specific segments of anti-forensics. Harris’ definition may be suitable for a general understanding of anti-forensics, but gets us no closer to understanding different types of anti-forensics and their nuances.

6. FINDING ADVANCED MALWARE USING VOLATILITY
by Monnappa Ka

When an organization is the victim of an advanced malware infection, a quick response is required to identify the indicators associated with that malware in order to remediate, establish better security controls and prevent future infections. In this article you will learn to detect advanced malware infections in memory using a technique called “Memory Forensics”, and you will also learn to use memory forensic toolkits such as Volatility to detect advanced malware in a real case scenario.

7. THE ROOTKITS: An Informative Nutshell Approach of Rootkit Forensics for Computer Forensics Experts
by Dr. Sameera de Alwis

Enormous volumes of hacking incidents, severe data breaches and data leaks are being reported worldwide. Rootkits (a.k.a. the administrator’s nightmare) are rapidly becoming the tool of choice for present-day cyber-crime and reconnaissance involving networked computing equipment and data. A rootkit is a type of malicious software (malcode) or malware that is installed by an intruder after the target victim system has been compromised at the root or administrator level. Present-day and emerging detection tactics rely on low-level knowledge of rootkit implementations, and so will remain a moving target.

8. HOW IMPORTANT IT IS TO PROTECT YOUR TREASURE (DATA) FROM THEFT?
By Ernst Eder

As more company information is saved electronically there is an increase in the theft of this data. Data theft is a huge problem for every company regardless of size or location. Corporations lose billions of dollars per year as a result of data theft. Companies must be diligent in guarding against this threat. The problem is that data thieves (hackers) may come from outside a company or they may be a company’s own employees.

9. QUESTIONS’ COLUMN. INTERVIEW WITH JASON BROZ
By Robert Vanaman

“Businesses need to have a robust overall security program based on continually assessing risk. Many tactical items roll up to the program level and are dependent on technology and operational constraints currently in place. Implementing tokenization or a P2PE validated solution would assist in the protection of credit card data, but those solutions alone are not the key.”

10. QUESTIONS’ COLUMN. INTERVIEW PANEL WITH ED GUNDRUM
By Robert Vanaman

“My advice would be to consider the anomalies. As the recent attack on major US retailers demonstrated, it is important to extend security policies and measures throughout your company’s entire eco-system, including outside entities like suppliers, channels and partners who may have partial access into your data systems.”

11. 21st CENTURY THREATS WARRANT THE NEED FOR NEXT-GENERATION MULTI-FACTOR AUTHENTICATION
by Claus Rosendal, SMS PASSCODE

A recent survey from ESG Research revealed that 44 percent of enterprise security professionals felt that username and password authentication is no longer secure and should be eliminated as a form of authentication for business-critical applications. Given the rising disdain for this antiquated form of authentication, it’s apparent that next-generation authentication that addresses today’s modern threats is needed ASAP.

12. THE EVOLUTIONARY APPROACH TO DEFENSE
by Filip Nowak

The evolutionary approach to IT security seems to be the most natural and efficient way to resist cyber-attacks. The Red Queen Effect describes the relationship between the attacker and the defender – the never-ending story of cyber battles – but can we minimize the ‘mean time to identify’ and respond in time to any security intrusion? Integrated solutions, collaboration, and ‘shiny toys’ are still not enough. The SIEM-based incident response methodology and intrusion lifecycle presented here can bring relief to any computer security incident handler, and help those who struggle with SIEM deployment and the incident response process. Having seen the intrusion chain’s feedback loop and the framework itself, it is time to combine known practices and use them in corporate environments to create a more active and defensive security posture.

13. A PREEMPTIVE FORENSIC APPROACH TO CYBER DEFENSE
by Dan Solomon

The methods employed by advanced attackers now compel organizations to adopt a more proactive approach to the security of digital assets and the processes that handle them. The nature of sophisticated threats negates the efficacy of static and reactive measures to securing against cyber-attacks and in most cases, limits the options for real-time response to a breach in its earlier phases.

14. PREEMPTIVE FORENSICS – An introspective with Dan Solomon
by Robert Vanaman, MBA, MS

15. OVER THE RAINBOW TABLE. AN OVERVIEW OF SYMMETRICAL AND ASYMMETRICAL PASSWORD ENCRYPTIONS
by M.L. Smith

Since 1976, the Data Encryption Standard (DES) has been the norm for protecting passwords. However, from its inception, academics have challenged its effectiveness. Now an asymmetrical algorithm called Rainbow Tables has taken the lead and become the stand-out contender over DES.

16. WIRELESS PENETRATION TESTING APPROACH TO SECURING CLIENT’S WIRELESS ACCESS POINT
by Saurabh Kumar

Our clients reach out to us when wireless access point challenges are vague and they are not confident that they have the internal capability to meet their wireless security controls in a cost-effective manner for their organization. What we bring to our clients is our experience providing tested and reliable processes and recommendations to their parti

17. AUTOMATIC REACTION STRATEGIES FOR CRITICAL INFRASTRUCTURE PROTECTION: COCKPITCI APPROACH
by S.L.P. Yasakethu and J. Jiang

In today’s growing cyber world, where a nation’s vital communications and utilities infrastructure can be impacted depending upon the level and sophistication of hostile attacks, the need for Critical Infrastructure Protection (CIP) and advanced cyber security is at an all-time high. In this article we discuss automatic intrusion reaction strategies which will be investigated in a new European Framework-7 (FP7) funded research project, CockpitCI.


July 30, 2021
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023