Term paper on Network Forensics/Intrusion Detection.
Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Term paper on Network Forensics/Intrusion Detection.

  1. #1
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840

    Term paper on Network Forensics/Intrusion Detection.

    Hello everyone,

    I'm currently working on a term paper on Network Forensics and Intrusion Detection. I was wondering if anyone had any information I could use, and if I could schedule an Interview with some of you who have a good background on these matters. I'm planning on using Hacker's Challenge 4th edition, Hacking Exposed fourth edition, and many other websites as references. I was thinking of taking a scenario of an attack, and after mentioning the approach written on the book, I would explain my own approach and possibly the tools that I would use. I'm open for any ideas and any help would be greatly appreciated.

    Thank you so much

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Intrusion Detection: An Analyst Guide by Stephen Northcutt should be a must in your studies in regards to this. You might want to look at some of the "I got 0wned" threads by some of the members here as they might be able to give you some insight into what happens. Also Issue #9 has a nice "I got rewted" article.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    Thank you very much mittens . I was actually telling my professor about you, and the wargame classes that you had ...he thought it was an excellent Idea. I'll def. look into those.

    Recently I've also been testing out LC4 and Cain & Abel password auditing tools and their risk to a network. Perhaps i'll mention those on the paper. I'll post the final paper when i'm done :.

  4. #4
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Hehe. Might want to look into the dangers of Ettercap and the Offline NT Password and Registry Editor Bootdisk. Heck, phishing, IMHO, is the new method of choice along with browser hijacking for intrusions and attacks.

    I'm glad your prof liked it. Is he going to use it for a class?
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  5. #5
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    The current lab that we're in could be turned into one, but he's going on vacation for 6 weeks in march . I don't know about the new proffesor but I'll soon be in charge of a couple of servers at the school, maintaining them. I could work on creating a wargame environment but It has to go through the proper authorities . If i was the one to set it up it would turn more into a script kiddie class rather than a learning environtment unless the teacher is the one supervising the whole thing.

  6. #6
    Member
    Join Date
    Jun 2003
    Posts
    57
    Here are a couple of sites to look at,maybe give you some ideas.

    http://www.nw3c.org/

    National White collar crimecenter. They do Forensics and teach classes on it.

    http://www.counterhack.net/

    Ed Skoudis has several "Hacker challenges" posted here. He is the Track IV guy for SANS. Read through them and the solutions posted, could give you topics for your paper and /or scenarios for your wargaming. They are educational and a little entertaining since he likes to base each one off of a pop culture idiom. Since the solutions are also posted you get a good idea of what is going on, and each one covers a specific vulnerability.
    \"If you take a starving dog in off the street and make him prosperous he will not bite you, this is the principle difference between a dog and a man\" - Mark Twain

  7. #7
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    Don't forget the regular end user that downloads wack-a-mole on his network workstation! Skiddies aren't glamorus, but are still a threat as long as the end user remains ignorant of the risks.

    Also, If you're looking for case studies, there's plenty in the SANS website, as well as some research papers written on this subject that you could download. Some of them are good, others are not so good. Read through them and you'll have a good idea of what others have covered in their term/research papers, so you can pick a more original approach, or use some of their data (no plagerism ).

    as far as the interview thing goes, I'm open, as are a few of my associates (I have one that is the head of information security for an international shipping provider that gets attacked several hundred times per hour, drawback of being a global operation)
    Windows 9x: n. A collection of 32 bit extensions and a graphical shell for a 16 bit patch to an 8 bit operating system originally coded for a 4 bit microprocessor. Written by a 2 bit company that can\'t stand 1 bit of competition.


  8. #8
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    Thank you 57...... (god lol...couldnt u get an easier name ). I'll talk to my professor in a few minutes and see what I can do. I love your sig by the way...and the link is nuts Gotta put that on my AIM profile to keep my GF's ex away from it lol.

  9. #9
    Senior Member
    Join Date
    May 2003
    Posts
    159
    I know of a friend of mine who had developed IPS with honeynet capability using snort inline and iptables......

    It was able to work at application level.... whereby he could actually retrict access of a user to a website based on his/her user ID......

    Just such for shomiron dasgupta on google.. I guess he has the project on opensourceforge.....

    I am not sure how much would that help u.... In case u feel it can I shall arrange for u to speak to him aswell......
    ****** Any man who knows all the answers most likely misunderstood the questions *****

  10. #10
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    OK i've started writting the paper. Actually this is a smaller version, only 6-8 pages and its for my english class. The CNIS term paper is due march 30th so I still have some time to work on that.

    This is my introduction:

    Introduction:

    Network and computer forensics are investigative analyses of network and computer logs, files, file systems, and hard drives to obtain evidence of cyber-attacks, computer break-ins and other electronic crimes. There is a wide array of tools used for analyses, which vary from one job to the other. I will not get into great detail about the tools since thereís so many and their terminology is quite advanced, making them incomprehensive to the basic computer user. I will only mention a few, which Iíve used throughout the time Iíve spent studying Network Forensics. These tools help system administrators turn into cyber-detectives trying to keep users safe from harm.



    Please throw any ideas you might have...i'm kinda stuck. I dont want to talk too much about the tools but instead get more into the discussion of Network Forensics. I'll also be talking about the Stop, look and listen" systems and ∑ "Catch-it-as-you-can" systems. Throwing a few sentences I could use would be very helpful, and i'll ellaborate from them. Thank you for your help guys/gals... i really appreciate it

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •