Questions for 454 Lab 4
View the video for Lab 4 - then answer the following questions based on the information presented in the video.
(3 points) 1. List 3 forms in which evidence is typically discovered in network forensics
The 3 forms of evidence are 1) logs maintained by firewalls, intrusion detection systems and servers, 2) headers of network traffic such as e-mail, and 3) active network monitoring with packet sniffers.
(1 point) 2. What are the 3 components of the 3-way handshake? (must get all 3)
The 3 components of the 3-way handshake are SYN, SYN-ACK, ACK. These are 3 messages transmitted by TCP to negotiate and start a TCP session between two computers. It is designed so that two computers attempting to communicate can negotiate the parameters of the TCP socket connection before transmitting data such as SSH traffic and HTTP web browser requests.
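As an added example (not from the lab video or the answer above), this Python script parses raw TCP headers and checks whether a captured sequence of segments forms the SYN, SYN-ACK, ACK exchange, which is how an analyst tells a completed session apart from a half-open one in a packet capture. The sample flow, its port numbers and its sequence numbers are constructed for the example.

```python
import struct
from collections import namedtuple

SYN, ACK = 0x02, 0x10  # TCP flag bits
Segment = namedtuple("Segment", "src_port dst_port seq ack flags")


def parse_tcp_header(raw: bytes) -> Segment:
    """Parse the fixed 20-byte TCP header (RFC 793 field layout)."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    src, dst, seq, ack, off_flags = struct.unpack("!HHIIH", raw[:14])
    return Segment(src, dst, seq, ack, off_flags & 0x01FF)  # low 9 bits carry the flags


def tcp_header(src, dst, seq, ack, flags) -> bytes:
    """Build a constructed 20-byte header: data offset 5, window 65535, checksum/urgent 0."""
    return struct.pack("!HHIIHHHH", src, dst, seq, ack, (5 << 12) | flags, 65535, 0, 0)


def handshake_state(raw_segments) -> str:
    """Classify a flow as 'complete', 'half-open' (SYN never fully answered) or 'invalid'."""
    segs = [parse_tcp_header(r) for r in raw_segments]
    if not segs or segs[0].flags & (SYN | ACK) != SYN:
        return "invalid"  # a handshake must open with a bare SYN
    syn = segs[0]
    if len(segs) == 1:
        return "half-open"  # SYN with no reply: dropped by a firewall, or a port scan
    synack = segs[1]
    if not ((synack.src_port, synack.dst_port) == (syn.dst_port, syn.src_port)
            and (synack.flags & (SYN | ACK)) == (SYN | ACK)
            and synack.ack == (syn.seq + 1) & 0xFFFFFFFF):
        return "invalid"  # reply must come back the other way, SYN+ACK, acknowledging seq+1
    if len(segs) == 2:
        return "half-open"  # server answered, client never completed the handshake
    final = segs[2]
    if ((final.src_port, final.dst_port) == (syn.src_port, syn.dst_port)
            and (final.flags & (SYN | ACK)) == ACK
            and final.seq == (syn.seq + 1) & 0xFFFFFFFF
            and final.ack == (synack.seq + 1) & 0xFFFFFFFF):
        return "complete"
    return "invalid"


# Constructed sample: client port 40000 opens an SSH session to port 22.
SAMPLE_FLOW = [
    tcp_header(40000, 22, 1000, 0, SYN),
    tcp_header(22, 40000, 5000, 1001, SYN | ACK),
    tcp_header(40000, 22, 1001, 5001, ACK),
]

if __name__ == "__main__":
    print(handshake_state(SAMPLE_FLOW), handshake_state(SAMPLE_FLOW[:1]))
```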
(1 point) 3. Network forensics is not exact. An example was given of a cyber-warfare attack.
A cyber-warfare attack can be carried out from many different countries. It can originate in one country and be controlled through bots in many other countries.
What method was used to foul network forensics in this example?
The method used to foul network forensics is that one country controls the rest of the bot computers, which makes the attacks look as if they come from countries all over the world.
(1 point) 4. What property of a firewall is the primary distinguishing factor between it and an intrusion detection system (IDS)?
A firewall sits at the boundary of a network and denies traffic that breaks its rules. An intrusion detection system, however, has sensors throughout the network and usually only logs rule violations and traffic inside the network. It gives a view of scanning and probing attempts from outside the network.
(1 point) 5. What is the purpose of a Honeypot?
A honeypot is a closely monitored decoy system. It traces network attacks. It can distract attackers from more valuable targets and gather forensic evidence from the...