Library items tagged: investigating

Aftermath

Anonymous
Sunday, February 19, 2012 - 17:58
security
CSIRT
DDOS
denial of service
investigating
technical guide
In this particular incident, the initial tip-off led directly to the departmental network containing the compromised hosts. This information is not always so readily available, since IP spoofing can also be used to simulate traffic from machines on many different networks. Such a situation could be handled by repositioning the network monitor on the backbone (at M’ in the diagram, for example), and again examining the source MAC addresses of attack packets (but note that performance is likely to be a concern, with monitors dropping traffic at gigabit speeds).
Read more

The network monitor

Anonymous
Sunday, February 19, 2012 - 17:57
security
CSIRT
DDOS
denial of service
investigating
technical guide
Our monitor is a Linux system running the Snort lightweight intrusion detection system [3]. Demands on hardware are not very high: we use a redundant Pentium 133-based system with two 10/100Mbit/s network interface cards, 128MB memory and 4GB disk space. This allows us to use one interface to access the console, while the other is dedicated to the RSPAN traffic. It is configured with a minimum number of services running and no user accounts [4].
Read more

Network infrastructure

Anonymous
Sunday, February 19, 2012 - 17:57
security
CSIRT
DDOS
denial of service
investigating
technical guide
The university network is based on a Gigabit Ethernet backbone, linking together departmental Local Area Networks (LANs) which typically deliver switched 10/100Mbit/s to the desktop. The network is shown diagrammatically in Figure 1. Figure 1: Schematic of the university network
Read more

Investigating copyright complaints

Anonymous
Thursday, February 16, 2012 - 07:28
copyright
copyright complaints
factsheet
investigating
security
This content can now be found at https://www.jisc.ac.uk/guides/networking-computers-and-the-law
Read more