View the video for Lab 4, then answer the following questions based on the information presented in the video.
(3 points) 1. List 3 forms in which evidence is typically discovered in network forensics.
The 3 forms of evidence are 1) logs maintained by firewalls, intrusion detection systems, and servers; 2) headers of network traffic, such as e-mail headers; and 3) active network monitoring with packet sniffers.
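The second form of evidence, protocol headers, is worth a concrete illustration. The following is an added example, not material from the lab video: it parses the Received: headers of a constructed e-mail message and rebuilds the hop chain in transit order, which is how an e-mail's path is traced in network forensics. Every MTA prepends its own Received: line, so the topmost header is the last hop and the bottom one is the first. The hostnames, IP addresses (documentation ranges), timestamps and message ID are all made up for the example.

```python
import re
from email import message_from_string

# Constructed sample message (not from the lab video). Hosts and IPs use
# example/documentation ranges; each MTA prepended its own Received: line,
# so the first header is the last hop and the last header is the first hop.
SAMPLE_MESSAGE = """\
Received: from mx.example.net (mx.example.net [203.0.113.10])
\tby mail.victim.example (Postfix) with ESMTP id 4F2A1
\tfor <analyst@victim.example>; Mon, 01 Jan 2024 10:00:03 +0000
Received: from relay.example.org (relay.example.org [198.51.100.7])
\tby mx.example.net with ESMTP; Mon, 01 Jan 2024 10:00:01 +0000
Received: from [192.0.2.55] (unknown [192.0.2.55])
\tby relay.example.org with SMTP; Mon, 01 Jan 2024 09:59:58 +0000
From: "Alice" <alice@example.org>
To: analyst@victim.example
Subject: Invoice
Message-ID: <abc123@example.org>

Please see attached.
"""

# "from <claimed host> (<what the receiver saw>) by <receiving host> ..."
HOP_RE = re.compile(
    r"^from\s+(?P<from>\S+)\s+(?:\((?P<info>[^)]*)\)\s+)?by\s+(?P<by>\S+)",
    re.IGNORECASE,
)
IPV4_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_chain(raw_message):
    """Parse every Received: header and return the hops in transit order
    (origin first). Each hop records the claimed sending host, the IP the
    receiving server wrote in brackets, the receiving server and the time."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        flat = re.sub(r"\s+", " ", value).strip()   # unfold continuation lines
        m = HOP_RE.match(flat)
        if not m:
            continue   # non-standard line; skip it rather than fail
        ip_match = IPV4_RE.search(m.group("from") + " " + (m.group("info") or ""))
        hops.append({
            "from_host": m.group("from"),
            "from_ip": ip_match.group(1) if ip_match else None,
            "by_host": m.group("by"),
            "timestamp": flat.rsplit(";", 1)[1].strip() if ";" in flat else None,
        })
    hops.reverse()   # headers are prepended, so reverse to get origin first
    return hops


def origin_ip(raw_message):
    """The IP recorded by the first relay, i.e. the earliest hop visible."""
    chain = received_chain(raw_message)
    return chain[0]["from_ip"] if chain else None


if __name__ == "__main__":
    for i, hop in enumerate(received_chain(SAMPLE_MESSAGE), 1):
        print(f"hop {i}: {hop['from_host']} [{hop['from_ip']}] -> "
              f"{hop['by_host']} at {hop['timestamp']}")
    print("apparent origin:", origin_ip(SAMPLE_MESSAGE))
```

The caveat a practitioner applies: only the Received: lines added by servers you trust are reliable. The sender controls everything below the first trusted relay, so the "origin" hop can be forged; what the first trusted relay recorded in brackets is the evidence, not the host the sender claimed to be.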
(1 point) 2. What are the 3 components of the 3-way handshake? (must get all 3)
The 3 components of the 3-way handshake are SYN, SYN-ACK, and ACK. These are the 3 messages TCP transmits to negotiate and start a TCP session between two computers, so that the two computers attempting to communicate can negotiate the parameters of …
The attack can originate in one country while being carried out by bots controlled in many other countries.
What method was used to foul network forensics in this example?
The method used to foul network forensics is that an attacker in one country controls the rest of the bot computers, so the attacks appear to come from all over the world rather than from the controller.
(1 point) 4. What property of a firewall is the primary distinguishing factor between it and an intrusion detection system (IDS)?
A firewall sits at the boundary of a network and actively denies traffic that breaks its rules. An intrusion detection system, by contrast, has sensors throughout the network and usually only logs rule violations and traffic inside the network, while the firewall at the boundary gives a view of scanning and probing attempts from outside the network. The primary distinguishing property is therefore enforcement: the firewall blocks traffic, whereas the IDS only detects and logs it.
(1 point) 5. What is the purpose of a Honeypot?
A honeypot is a closely monitored decoy system. It traces network attacks, can distract attackers from more valuable targets, and gathers forensic evidence about the attackers and their techniques.
(1 point) 6. The first attack demonstrated on the Nittany Corp. network in the lab video is this kind of attack.
The first attack demonstrated on the Nittany Corp. network in the lab video is a port scan.
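The handshake from question 2 and the port scan from question 6 are two sides of the same evidence, so one added example serves both. This is not code from the lab video: it walks a constructed list of TCP packets, tracks each connection through SYN, SYN-ACK and ACK (checking that the acknowledgement numbers match the initial sequence numbers, which is what the handshake actually negotiates), and then flags a source that sent SYNs to many ports without ever completing a handshake, which is the signature of a SYN scan. Addresses, ports and sequence numbers are made up; the Packet record and the pkt helper are conveniences for the example, not a standard API.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset   # subset of {"SYN", "ACK", "RST", "FIN"}
    seq: int           # sequence number
    ack: int = 0       # acknowledgement number (0 when ACK is not set)


def pkt(src, sport, dst, dport, flags, seq, ack=0):
    """Build a Packet from a 'SYN|ACK'-style flag string (example helper)."""
    return Packet(src, sport, dst, dport, frozenset(flags.split("|")), seq, ack)


SCAN_PORTS = [21, 22, 23, 25, 80, 110, 143, 443, 445, 3389]

# Constructed sample traffic (not from the lab video); addresses are hypothetical.
SAMPLE = [
    # One legitimate connection: SYN, SYN-ACK, ACK with consistent numbers.
    pkt("10.0.0.5", 50001, "10.0.0.20", 80, "SYN", seq=1000),
    pkt("10.0.0.20", 80, "10.0.0.5", 50001, "SYN|ACK", seq=5000, ack=1001),
    pkt("10.0.0.5", 50001, "10.0.0.20", 80, "ACK", seq=1001, ack=5001),
    # A SYN scan from 10.0.0.99: one SYN per target port from a fresh source port.
    *[pkt("10.0.0.99", 40000 + i, "10.0.0.20", p, "SYN", seq=2000 + i)
      for i, p in enumerate(SCAN_PORTS)],
    # Two ports are open; the scanner answers each SYN-ACK with RST, never ACK.
    pkt("10.0.0.20", 22, "10.0.0.99", 40001, "SYN|ACK", seq=7000, ack=2002),
    pkt("10.0.0.99", 40001, "10.0.0.20", 22, "RST", seq=2002),
    pkt("10.0.0.20", 80, "10.0.0.99", 40004, "SYN|ACK", seq=7100, ack=2005),
    pkt("10.0.0.99", 40004, "10.0.0.20", 80, "RST", seq=2005),
]


def track_handshakes(packets):
    """Walk packets in order and record each client->server connection's
    handshake state: syn_sent, syn_received, established or reset.
    The SYN-ACK must acknowledge the client's ISN+1 and the final ACK must
    acknowledge the server's ISN+1, otherwise the step is not counted."""
    state, isn = {}, {}
    for p in packets:
        fwd = (p.src, p.sport, p.dst, p.dport)   # packet sent by the client
        rev = (p.dst, p.dport, p.src, p.sport)   # packet sent by the server
        if "SYN" in p.flags and "ACK" not in p.flags:      # step 1: SYN
            state[fwd], isn[fwd] = "syn_sent", {"client": p.seq}
        elif "SYN" in p.flags:                              # step 2: SYN-ACK
            if state.get(rev) == "syn_sent" and p.ack == isn[rev]["client"] + 1:
                state[rev], isn[rev]["server"] = "syn_received", p.seq
        elif "RST" in p.flags:                              # abort from either side
            key = fwd if fwd in state else rev
            if key in state:
                state[key] = "reset"
        elif "ACK" in p.flags:                              # step 3: ACK
            if (state.get(fwd) == "syn_received"
                    and p.seq == isn[fwd]["client"] + 1
                    and p.ack == isn[fwd]["server"] + 1):
                state[fwd] = "established"
    return state


def detect_syn_scanners(packets, min_ports=5):
    """Report (source, target) pairs that sent SYNs to at least min_ports
    distinct ports without completing a handshake: the port-scan pattern an
    IDS sensor would log and alert on."""
    probed = defaultdict(set)
    for (client, _, server, port), st in track_handshakes(packets).items():
        if st != "established":
            probed[(client, server)].add(port)
    return {pair: sorted(ports) for pair, ports in probed.items()
            if len(ports) >= min_ports}


if __name__ == "__main__":
    for conn, st in track_handshakes(SAMPLE).items():
        print(f"{conn[0]}:{conn[1]} -> {conn[2]}:{conn[3]}  {st}")
    print("suspected scanners:", detect_syn_scanners(SAMPLE))
```

The design point is that a scanner never reaches "established": closed ports produce no SYN-ACK at all, and open ports get a RST instead of the third ACK, so counting incomplete handshakes per source is enough to separate the scan from the legitimate connection in the same capture. The min_ports threshold is the knob an analyst tunes to avoid alerting on ordinary clients that hit a handful of ports.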