Cisco router and switch forensics : investigating and analyzing malicious network activity /

Saved in:
Bibliographic Details
Author / Creator:Liu, Dale.
Imprint:Burlington, MA : Syngress, ©2009.
Description:1 online resource (xi, 504 pages) : illustrations
Language:English
Subject:
Format: E-Resource Book
URL for this record:http://pi.lib.uchicago.edu/1001/cat/bib/13595569
Hidden Bibliographic Details
ISBN:9781597494182
1597494186
9780080953847
0080953840
Notes:Includes bibliographical references and index.
Print version record.
Summary:Cisco IOS (the software that runs the vast majority of Cisco routers and all Cisco network switches) is the dominant routing platform on the Internet and corporate networks. This widespread distribution, as well as its architectural deficiencies, makes it a valuable target for hackers looking to attack a corporate or private network infrastructure. Compromised devices can disrupt stability, introduce malicious modification, and endanger all communication on the network. For security of the network and investigation of attacks, in-depth analysis and diagnostics are critical, but no book currently covers forensic analysis of Cisco network devices in any detail. Cisco Router and Switch Forensics is the first book devoted to criminal attacks, incident response, data collection, and legal testimony on the market leader in network devices, including routers, switches, and wireless access points. Why is this focus on network devices necessary? Because criminals are targeting networks, and network devices require a fundamentally different approach than the process taken with traditional forensics. By hacking a router, an attacker can bypass a network?s firewalls, issue a denial of service (DoS) attack to disable the network, monitor and record all outgoing and incoming traffic, or redirect that communication anywhere they like. But capturing this criminal activity cannot be accomplished with the tools and techniques of traditional forensics. While forensic analysis of computers or other traditional media typically involves immediate shut-down of the target machine, creation of a duplicate, and analysis of static data, this process rarely recovers live system data. So, when an investigation focuses on live network activity, this traditional approach obviously fails. Investigators must recover data as it is transferred via the router or switch, because it is destroyed when the network device is powered down. In this case, following the traditional approach outlined in books on general computer forensics techniques is not only insufficient, but also essentially harmful to an investigation. Jargon buster: A network switch is a small hardware device that joins multiple computers together within one local area network (LAN). A router is a more sophisticated network device that joins multiple wired or wireless networks together. * The only book devoted to forensic analysis of routers and switches, focusing on the operating system that runs the vast majority of network devices in the enterprise and on the Internet * Outlines the fundamental differences between router forensics and traditional forensics, a critical distinction for responders in an investigation targeting network activity * Details where network forensics fits within the entire process of an investigation, end to end, from incident response and data collection to preparing a report and legal testimony.
Other form:Print version: Liu, Dale. Cisco router and switch forensics. Burlington, MA : Syngress, ©2009 9781597494182 1597494186
Standard no.:9786612121111

MARC

LEADER 00000cam a2200000 a 4500
001 13595569
006 m o d
007 cr cn|||||||||
008 091027s2009 maua ob 001 0 eng d
005 20241126150703.9
010 |z  2009284282 
015 |a GBA906611  |2 bnb 
016 7 |a 014883985  |2 Uk 
019 |a 435493293  |a 456377440  |a 560339354  |a 647777106  |a 692287738  |a 712983783  |a 916414955  |a 1062859028  |a 1103276607  |a 1129364719  |a 1153037927  |a 1192330278  |a 1240509339  |a 1255737699 
020 |a 9781597494182 
020 |a 1597494186 
020 |a 9780080953847  |q (electronic bk.) 
020 |a 0080953840  |q (electronic bk.) 
024 8 |a 9786612121111 
035 9 |a (OCLCCM-CC)459953626 
035 |a (OCoLC)459953626  |z (OCoLC)435493293  |z (OCoLC)456377440  |z (OCoLC)560339354  |z (OCoLC)647777106  |z (OCoLC)692287738  |z (OCoLC)712983783  |z (OCoLC)916414955  |z (OCoLC)1062859028  |z (OCoLC)1103276607  |z (OCoLC)1129364719  |z (OCoLC)1153037927  |z (OCoLC)1192330278  |z (OCoLC)1240509339  |z (OCoLC)1255737699 
037 |a 175574:171995  |b Elsevier Science & Technology  |n http://www.sciencedirect.com 
040 |a OPELS  |b eng  |e pn  |c OPELS  |d OPELS  |d CDX  |d OCLCQ  |d LGG  |d N$T  |d UMI  |d EBLCP  |d CEF  |d E7B  |d CNCGM  |d B24X7  |d DEBSZ  |d OCLCQ  |d OCLCF  |d YDXCP  |d OCLCQ  |d COO  |d LIV  |d MERUC  |d OCLCQ  |d NLE  |d D6H  |d OCLCQ  |d WYU  |d UAB  |d LEAUB  |d VT2  |d OCLCQ  |d UHL  |d OCLCQ  |d OCLCO  |d OCLCQ  |d AU@  |d OCLCO  |d OCLCL 
049 |a MAIN 
050 4 |a TK5105.59  |b .L58 2009 
072 7 |a COM  |x 060040  |2 bisacsh 
072 7 |a COM  |x 043050  |2 bisacsh 
072 7 |a COM  |x 053000  |2 bisacsh 
100 1 |a Liu, Dale.  |0 http://id.loc.gov/authorities/names/nb2008016989 
245 1 0 |a Cisco router and switch forensics :  |b investigating and analyzing malicious network activity /  |c Dale Liu, lead author and technical editor ; James Burton [and others]. 
260 |a Burlington, MA :  |b Syngress,  |c ©2009. 
300 |a 1 online resource (xi, 504 pages) :  |b illustrations 
336 |a text  |b txt  |2 rdacontent 
337 |a computer  |b c  |2 rdamedia 
338 |a online resource  |b cr  |2 rdacarrier 
520 |a Cisco IOS (the software that runs the vast majority of Cisco routers and all Cisco network switches) is the dominant routing platform on the Internet and corporate networks. This widespread distribution, as well as its architectural deficiencies, makes it a valuable target for hackers looking to attack a corporate or private network infrastructure. Compromised devices can disrupt stability, introduce malicious modification, and endanger all communication on the network. For security of the network and investigation of attacks, in-depth analysis and diagnostics are critical, but no book currently covers forensic analysis of Cisco network devices in any detail. Cisco Router and Switch Forensics is the first book devoted to criminal attacks, incident response, data collection, and legal testimony on the market leader in network devices, including routers, switches, and wireless access points. Why is this focus on network devices necessary? Because criminals are targeting networks, and network devices require a fundamentally different approach than the process taken with traditional forensics. By hacking a router, an attacker can bypass a network?s firewalls, issue a denial of service (DoS) attack to disable the network, monitor and record all outgoing and incoming traffic, or redirect that communication anywhere they like. But capturing this criminal activity cannot be accomplished with the tools and techniques of traditional forensics. While forensic analysis of computers or other traditional media typically involves immediate shut-down of the target machine, creation of a duplicate, and analysis of static data, this process rarely recovers live system data. So, when an investigation focuses on live network activity, this traditional approach obviously fails. Investigators must recover data as it is transferred via the router or switch, because it is destroyed when the network device is powered down. In this case, following the traditional approach outlined in books on general computer forensics techniques is not only insufficient, but also essentially harmful to an investigation. Jargon buster: A network switch is a small hardware device that joins multiple computers together within one local area network (LAN). A router is a more sophisticated network device that joins multiple wired or wireless networks together. * The only book devoted to forensic analysis of routers and switches, focusing on the operating system that runs the vast majority of network devices in the enterprise and on the Internet * Outlines the fundamental differences between router forensics and traditional forensics, a critical distinction for responders in an investigation targeting network activity * Details where network forensics fits within the entire process of an investigation, end to end, from incident response and data collection to preparing a report and legal testimony. 
505 0 |a Introduction: An Overview of Cisco Router and Switch Forensics -- Chapter 1: Digital Forensics and Analyzing Data -- Chapter 2: Seizure of Digital Information -- Chapter 3: The Basics of Networking -- Chapter 4: The Language and Mindset of a Network Administrator -- Chapter 5: Subnetting and CIDR -- Chapter 6: Arrival on the Scene -- Chapter 7: Diagramming the Network Infrastructure -- Chapter 8: Cisco IOS Router Basics -- Chapter 9: Understanding the Methods and Mindset of the Attacker -- Chapter 10: Collecting the Non-Volatile Data from a Router -- Chapter 11: Collecting the Volatile Data from a Router -- Chapter 12: Cisco IOS Switch Basics -- Chapter 13: Virtual LANs -- Chapter 14: Collecting the Non-Volatile and Volatile Data from a Switch -- Chapter 15: Preparing Your Report -- Chapter 16: Preparing to Testify -- Appendix A: Cisco Wireless Device Forensics. 
588 0 |a Print version record. 
504 |a Includes bibliographical references and index. 
650 0 |a Computer networks  |x Security measures.  |0 http://id.loc.gov/authorities/subjects/sh94001277 
650 0 |a Routers (Computer networks)  |0 http://id.loc.gov/authorities/subjects/sh99004539 
650 0 |a Computer crimes  |x Investigation.  |0 http://id.loc.gov/authorities/subjects/sh85029493 
650 6 |a Réseaux d'ordinateurs  |x Sécurité  |x Mesures. 
650 6 |a Routeurs (Réseaux d'ordinateurs) 
650 6 |a Criminalité informatique  |x Enquêtes. 
650 7 |a COMPUTERS  |x Internet  |x Security.  |2 bisacsh 
650 7 |a COMPUTERS  |x Networking  |x Security.  |2 bisacsh 
650 7 |a COMPUTERS  |x Security  |x General.  |2 bisacsh 
650 7 |a Computer crimes  |x Investigation  |2 fast 
650 7 |a Computer networks  |x Security measures  |2 fast 
650 7 |a Routers (Computer networks)  |2 fast 
758 |i has work:  |a Cisco router and switch forensics (Text)  |1 https://id.oclc.org/worldcat/entity/E39PCH6qTwFmfDMJgkcHcJwV4q  |4 https://id.oclc.org/worldcat/ontology/hasWork 
776 0 8 |i Print version:  |a Liu, Dale.  |t Cisco router and switch forensics.  |d Burlington, MA : Syngress, ©2009  |z 9781597494182  |z 1597494186  |w (OCoLC)262433471 
856 4 0 |u https://go.oreilly.com/uchicago/library/view/-/9781597494182/?ar  |y O'Reilly 
929 |a oclccm 
999 f f |s d1077af8-fd3e-4edd-aa9f-2da4303c46d8  |i 77e0c72a-90e9-4153-ae70-074d2e736017 
928 |t Library of Congress classification  |a TK5105.59.L58 2009  |l Online  |c UC-FullText  |u https://go.oreilly.com/uchicago/library/view/-/9781597494182/?ar  |z O'Reilly  |g ebooks  |i 13738509