Wednesday, July 29, 2009

Network Forensics: more than looking for cleartext passwords

My next article will be published in Hakin9 magazine issue 6/2009, available at a good bookstore near you in November. I finished writing it last month but the magazine has a backlog of article contributions.
An excerpt from my soon-to-be-available print article:
"Logs and alerts from varied network devices (e.g. Firewalls, IPS, routers) report what was blocked. They do not offer Security Analysts sufficient data to ascertain what had taken place because activities that were malicious or suspicious but successful were not logged. This makes an analyst’s job challenging when requested to determine if a breach had occurred and that is where digital forensics plays a crucial role... The evidence that can be acquired from corporate traffic is limitless but is only restricted by the knowledge and imagination of the canvasser as well as the resources made available."
