
Thread: Term paper on Network Forensics/Intrusion Detection.

  1. #1
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840

    Term paper on Network Forensics/Intrusion Detection.

    Hello everyone,

    I'm currently working on a term paper on Network Forensics and Intrusion Detection. I was wondering if anyone had any information I could use, and if I could schedule an Interview with some of you who have a good background on these matters. I'm planning on using Hacker's Challenge 4th edition, Hacking Exposed fourth edition, and many other websites as references. I was thinking of taking a scenario of an attack, and after mentioning the approach written on the book, I would explain my own approach and possibly the tools that I would use. I'm open for any ideas and any help would be greatly appreciated.

    Thank you so much

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Intrusion Detection: An Analyst Guide by Stephen Northcutt should be a must in your studies in regards to this. You might want to look at some of the "I got 0wned" threads by some of the members here as they might be able to give you some insight into what happens. Also Issue #9 has a nice "I got rewted" article.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    Thank you very much mittens. I was actually telling my professor about you, and the wargame classes that you had... he thought it was an excellent idea. I'll def. look into those.

    Recently I've also been testing out LC4 and Cain & Abel password auditing tools and their risk to a network. Perhaps I'll mention those on the paper. I'll post the final paper when I'm done.

  4. #4
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Hehe. Might want to look into the dangers of Ettercap and the Offline NT Password and Registry Editor Bootdisk. Heck, phishing, IMHO, is the new method of choice along with browser hijacking for intrusions and attacks.

    I'm glad your prof liked it. Is he going to use it for a class?

  5. #5
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    The current lab that we're in could be turned into one, but he's going on vacation for 6 weeks in March. I don't know about the new professor, but I'll soon be in charge of a couple of servers at the school, maintaining them. I could work on creating a wargame environment, but it has to go through the proper authorities. If I were the one to set it up it would turn more into a script kiddie class rather than a learning environment unless the teacher is the one supervising the whole thing.

  6. #6
    Here are a couple of sites to look at; maybe they'll give you some ideas.

    http://www.nw3c.org/

    National White Collar Crime Center. They do forensics and teach classes on it.

    http://www.counterhack.net/

    Ed Skoudis has several "Hacker challenges" posted here. He is the Track IV guy for SANS. Read through them and the solutions posted, could give you topics for your paper and /or scenarios for your wargaming. They are educational and a little entertaining since he likes to base each one off of a pop culture idiom. Since the solutions are also posted you get a good idea of what is going on, and each one covers a specific vulnerability.
    "If you take a starving dog in off the street and make him prosperous he will not bite you, this is the principle difference between a dog and a man" - Mark Twain

  7. #7
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    Don't forget the regular end user that downloads wack-a-mole on his network workstation! Skiddies aren't glamorous, but are still a threat as long as the end user remains ignorant of the risks.

    Also, if you're looking for case studies, there's plenty on the SANS website, as well as some research papers written on this subject that you could download. Some of them are good, others are not so good. Read through them and you'll have a good idea of what others have covered in their term/research papers, so you can pick a more original approach, or use some of their data (no plagiarism).

    As far as the interview thing goes, I'm open, as are a few of my associates (I have one that is the head of information security for an international shipping provider that gets attacked several hundred times per hour, drawback of being a global operation).
    Windows 9x: n. A collection of 32 bit extensions and a graphical shell for a 16 bit patch to an 8 bit operating system originally coded for a 4 bit microprocessor. Written by a 2 bit company that can't stand 1 bit of competition.


  8. #8
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    Thank you 57...... (god lol... couldn't you get an easier name?). I'll talk to my professor in a few minutes and see what I can do. I love your sig by the way... and the link is nuts. Gotta put that on my AIM profile to keep my GF's ex away from it lol.

  9. #9
    Senior Member
    Join Date
    May 2003
    Posts
    159
    I know a friend of mine who had developed an IPS with honeynet capability using snort inline and iptables......

    It was able to work at application level.... whereby he could actually restrict access of a user to a website based on his/her user ID......

    Just search for shomiron dasgupta on google.. I guess he has the project on opensourceforge.....

    I am not sure how much that would help you.... In case you feel it can, I shall arrange for you to speak to him as well......
    ****** Any man who knows all the answers most likely misunderstood the questions *****

  10. #10
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    OK, I've started writing the paper. Actually this is a smaller version, only 6-8 pages, and it's for my English class. The CNIS term paper is due March 30th so I still have some time to work on that.

    This is my introduction:

    Introduction:

    Network and computer forensics are investigative analyses of network and computer logs, files, file systems, and hard drives to obtain evidence of cyber-attacks, computer break-ins and other electronic crimes. There is a wide array of tools used for analyses, which vary from one job to the other. I will not get into great detail about the tools since there are so many and their terminology is quite advanced, making them incomprehensible to the basic computer user. I will only mention a few, which I've used throughout the time I've spent studying Network Forensics. These tools help system administrators turn into cyber-detectives trying to keep users safe from harm.



    Please throw any ideas you might have... I'm kinda stuck. I don't want to talk too much about the tools but instead get more into the discussion of Network Forensics. I'll also be talking about the "Stop, look and listen" systems and "Catch-it-as-you-can" systems. Throwing a few sentences I could use would be very helpful, and I'll elaborate from them. Thank you for your help guys/gals... I really appreciate it.
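As an added illustration of the two collection models named in the post above (not part of the original post, and not code from any tool mentioned in this thread), the Python below contrasts a "catch-it-as-you-can" collector, which archives every packet and analyses the archive afterwards, with a "stop, look and listen" collector, which inspects each packet in memory and keeps only what a rule flags. The packets, the rule names and the byte counts are constructed sample data, not a real capture. It goes one step beyond the post by also showing the trade-off a paper on this topic usually wants to make: the full archive can be re-analysed later with a rule that did not exist at capture time, while the filtered store cannot.

```python
"""Toy comparison of two network forensics collection models.

catch-it-as-you-can : record every packet, analyse later (storage heavy,
                      but new questions can be asked of old traffic).
stop-look-and-listen: inspect in memory, retain only rule matches (cheap,
                      but anything not flagged at capture time is gone).
"""
from dataclasses import dataclass
from typing import Callable, Iterable, List, Tuple

@dataclass(frozen=True)
class Packet:
    ts: float        # capture timestamp (seconds, constructed)
    src: str         # source IP
    dst: str         # destination IP
    dport: int       # destination TCP port
    size: int        # bytes on the wire
    payload: bytes   # first bytes of the application payload

Rule = Callable[[Packet], bool]

# Constructed sample traffic for the example; not a real capture.
SAMPLE_TRAFFIC: List[Packet] = [
    Packet(1.0, "10.0.0.5", "10.0.0.20", 80, 420, b"GET /index.html HTTP/1.1"),
    Packet(1.2, "10.0.0.5", "10.0.0.20", 80, 1200, b"GET /login?user=admin HTTP/1.1"),
    Packet(1.5, "10.0.0.7", "10.0.0.20", 22, 96, b"SSH-2.0-OpenSSH"),
    Packet(2.0, "10.0.0.9", "10.0.0.20", 23, 64, b"login: root"),
    Packet(2.1, "10.0.0.9", "10.0.0.20", 23, 64, b"password: hunter2"),
    Packet(3.0, "10.0.0.5", "10.0.0.20", 80, 380, b"GET /logo.png HTTP/1.1"),
]

def telnet_rule(pkt: Packet) -> bool:
    """Rule known at capture time: any traffic to the cleartext telnet port."""
    return pkt.dport == 23

def admin_login_rule(pkt: Packet) -> bool:
    """Rule written only AFTER capture: HTTP logins for the 'admin' account."""
    return pkt.dport == 80 and b"user=admin" in pkt.payload

def storage_bytes(packets: Iterable[Packet]) -> int:
    """Bytes the collector must keep on disk to hold these packets."""
    return sum(p.size for p in packets)

def catch_it_as_you_can(traffic: Iterable[Packet], rule: Rule) -> Tuple[List[Packet], List[Packet]]:
    """Archive everything, then run the rule over the archive.

    Returns (archive, alerts). The archive is what an analyst can come
    back to later with a different question.
    """
    archive = list(traffic)
    alerts = [p for p in archive if rule(p)]
    return archive, alerts

def stop_look_and_listen(traffic: Iterable[Packet], rule: Rule) -> List[Packet]:
    """Inspect each packet once, in memory; retain only rule matches."""
    retained: List[Packet] = []
    for pkt in traffic:
        if rule(pkt):
            retained.append(pkt)
        # Non-matching packets are dropped here and cannot be recovered.
    return retained

def reanalyse(stored: Iterable[Packet], new_rule: Rule) -> List[Packet]:
    """Ask a new question of whatever the collector kept."""
    return [p for p in stored if new_rule(p)]

def compare(traffic: List[Packet], rule: Rule, later_rule: Rule) -> dict:
    """Summarise the storage cost and the re-analysis coverage of both models."""
    archive, alerts = catch_it_as_you_can(traffic, rule)
    retained = stop_look_and_listen(traffic, rule)
    return {
        "archive_bytes": storage_bytes(archive),
        "retained_bytes": storage_bytes(retained),
        "alerts_at_capture": len(alerts),
        "later_hits_from_archive": len(reanalyse(archive, later_rule)),
        "later_hits_from_retained": len(reanalyse(retained, later_rule)),
    }

if __name__ == "__main__":
    for key, value in compare(SAMPLE_TRAFFIC, telnet_rule, admin_login_rule).items():
        print(f"{key:26s} {value}")
```

Run as a script, the summary shows the filtered store holding a fraction of the bytes of the full archive while raising the same alerts at capture time, and then finding none of the later "admin login" hits that the archive still contains. That pairing (storage cost versus the ability to answer questions nobody thought to ask during capture) is the distinction the two terms in the post are usually used to draw.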
