Cisco Router and Switch Forensics: Investigating and Analyzing Malicious Network Activity (Paperback)
Dave Kleiman, Paul A. Henry, Craig Wright, Dale Liu
- Publisher: Syngress Media
- Publication date: 2009-05-01
- Price: $2,490
- VIP price: 5% off, $2,366
- Language: English
- Pages: 528
- Binding: Paperback
- ISBN: 1597494186
- ISBN-13: 9781597494182
- Related categories: Cisco
Product description
Cisco Router and Switch Forensics is the first book devoted to criminal attacks, incident response, data collection, and legal testimony on the market leader in network devices, including routers, switches, and wireless access points.
Why is this focus on network devices necessary? Because criminals are targeting networks, and network devices require a fundamentally different approach than the process taken with traditional forensics. By hacking a router, an attacker can bypass a network's firewalls, issue a denial of service (DoS) attack to disable the network, monitor and record all outgoing and incoming traffic, or redirect that communication anywhere they like. But capturing this criminal activity cannot be accomplished with the tools and techniques of traditional forensics. While forensic analysis of computers or other traditional media typically involves immediate shut-down of the target machine, creation of a duplicate, and analysis of static data, this process rarely recovers live system data. So, when an investigation focuses on live network activity, this traditional approach obviously fails. Investigators must recover data as it is transferred via the router or switch, because it is destroyed when the network device is powered down. In this case, following the traditional approach outlined in books on general computer forensics techniques is not only insufficient, but also essentially harmful to an investigation.
Jargon buster: A network switch is a small hardware device that joins multiple computers together within one local area network (LAN). A router is a more sophisticated network device that joins multiple wired or wireless networks together.
* The only book devoted to forensic analysis of routers and switches, focusing on the operating system that runs the vast majority of network devices in the enterprise and on the Internet
* Outlines the fundamental differences between router forensics and traditional forensics, a critical distinction for responders in an investigation targeting network activity
* Details where network forensics fits within the entire process of an investigation, end to end, from incident response and data collection to preparing a report and legal testimony
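Product description (translated from the Chinese version)
Cisco IOS (the software that runs the vast majority of Cisco routers and all Cisco network switches) is the dominant routing platform on the Internet and on enterprise networks. This wide distribution, together with weaknesses in its architecture, makes it a valuable target for hackers attacking corporate or private network infrastructure. A compromised device can disrupt stability, introduce malicious modifications, and endanger all communications on the network. In-depth analysis and diagnostics are essential for securing networks and investigating attacks, but no book currently covers forensic analysis of Cisco network devices in detail.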