File name: Cisco Switch Forensics_ Investigating Analyzing Malicious Network Activity
File size: 10.96MB
File format: PDF
Updated: 2022-09-11 03:59:29
About This Book

Before we can delve into the world of conducting router and switch forensics on Cisco devices, we need to discuss what makes a network secure. Thirty years ago we were using mainframe computers and “security” meant nothing more than the fact that a physical wall separated the people who worked with the data from the machines storing that data. As PCs and local area networks (LANs) have gained acceptance over the years, securing data and resources has become more difficult. Routers and switches are the devices that join PCs on a LAN and that join LANs over the Internet. Since Cisco is one of the market leaders in supplying these devices, its products have become the targets of miscreants who are attempting to break into companies’ secure networks.

By reading this book, you will learn how to recognize an incident (breach), how to gather evidence of the incident, how to get the appropriate local, state, or federal agencies involved, and how to present your case. In this introduction, we will discuss secure network design and Cisco’s role in router and switch forensics. We will also discuss the equipment we’ll be using for the examples in the book, as well as introduce the incident that we will investigate. In later chapters, we will discuss what it takes to set up routers and switches.

Defining a Secure Network

Network security is becoming increasingly important as more people send private data over the public Internet. As you define network infrastructure, you need to consider security, logging, and forensic data-gathering methodologies up front. In this section, we will discuss options for defining a secure network.

Network Architectures

Network architectures exist in many forms; however, the most common topology in use today is the star topology, of which there are two types: the flat topology LAN, shown in Figure 1, and the zoned trust topology, shown in Figure 2.
The key difference between the two types of network architectures is the use of additional firewalls inside the LAN to secure sensitive resources from attacks initiated inside the LAN.
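The two topologies, expressed as Cisco IOS configuration. This is an added example, not a figure or configuration from the book: it assumes a Layer 3 switch enforcing the zone boundary with an extended ACL (the book speaks of internal firewalls and does not name the device), and the VLAN numbers, addresses, the finance server 10.0.20.50, the DNS server 10.0.20.10 and the syslog collector 10.0.20.100 are all invented for illustration.

```cisco
! --- Flat topology (Figure 1): one VLAN, no policy between hosts ---
! Every workstation can reach every server; an attacker who owns one
! desktop has unrestricted Layer 2/3 reachability to the sensitive data.
interface Vlan1
 description Flat LAN - all users and servers (assumed addressing)
 ip address 10.0.0.1 255.255.255.0
!
! --- Zoned trust topology (Figure 2): users and sensitive servers in
! --- separate zones, with filtering on the boundary between them.
! Extended ACL applied to traffic entering from the user zone.
! Only the services the finance application actually needs are permitted;
! everything else aimed at the finance zone is dropped AND logged, so the
! evidence of an internal attack exists before an incident is declared.
ip access-list extended USERS-TO-FINANCE
 remark -- assumed services: finance web app on 10.0.20.50, DNS on 10.0.20.10
 permit tcp 10.0.10.0 0.0.0.255 host 10.0.20.50 eq 443
 permit udp 10.0.10.0 0.0.0.255 host 10.0.20.10 eq 53
 deny   ip  10.0.10.0 0.0.0.255 10.0.20.0 0.0.0.255 log
 permit ip  any any
!
interface Vlan10
 description User zone (assumed)
 ip address 10.0.10.1 255.255.255.0
 ip access-group USERS-TO-FINANCE in
!
interface Vlan20
 description Finance zone - sensitive servers (assumed)
 ip address 10.0.20.1 255.255.255.0
!
! Send the ACL deny messages off-box so they survive a compromise of the switch.
logging host 10.0.20.100
logging trap informational
```

The `log` keyword on the deny entry is what turns the zone boundary into a forensic data source: each matched packet produces a syslog message (IOS rate-limits these, so counts are approximate and should be correlated with `show access-lists` hit counters). Note the trailing `permit ip any any`, which keeps the user zone's normal Internet traffic flowing; without it the ACL's implicit deny would block everything not explicitly listed.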