Explain a standard procedure for network forensics.

Subject: Digital Forensics

Topic: Network Forensics

Difficulty: Medium

1 Answer

• Network forensics is used to determine how a security breach occurred; however, steps must be taken to harden networks before a security breach happens.

• A layered network defense strategy sets up layers of protection to hide the most valuable data at the innermost part of the network.

• It also ensures that the deeper into the network an attacker gets, the more difficult access becomes and the more safeguards are in place.

• The National Security Agency (NSA) developed an approach called the defense in depth (DiD) strategy.

• DiD has three modes of protection:

  1. People

  2. Technology

  3. Operations

If one mode of protection fails, the others can be used to thwart the attack.

Listing people as a mode of protection means organizations must hire well-qualified people and treat them well so that they have no reason to seek revenge. Organizations should make sure employees are trained adequately in security procedures and are familiar with the organization’s security policy.

The technology mode includes choosing a strong network architecture and using tested tools, such as intrusion detection systems (IDSs) and firewalls. Regular penetration testing coupled with risk assessment can help improve network security.

The operations mode addresses day-to-day operations. Updating security patches, antivirus software, and OSs falls into this category, as do assessment and monitoring procedures and disaster recovery plans.
