Securing the Information on the Network, Essay Example

Network Forensics

Information is lifeblood for any organization. As information is digitized, it is stored on information systems and travels to the inbound and outbound network. The storage and transmission of data is essential for business automation and business functions. However, there are many challenges that organizations have to overcome for securing the information on the network as well as in the servers. Certified skilled professionals, incident response management teams and other relevant staff plays a significant role for protecting and responding to threats that may or have compromise the network to gain access to business critical information of the organization. As per the current scenario, where the network is already compromised, it is important to identify and isolate the affected area, so that the threat cannot exploit itself. Moreover, there is one more challenge for the network administrators i.e. they are not able to find traces for the threat that has already penetrated into a distributed network environment. Likewise, distributed network is a merger of two or more networks and may be operational on a broad spectrum. Moreover, the existing network security controls are not capable to detect the worm, as the distributed network is connected to one or more networks, it is difficult to analyze specific anomalies and patterns of unknown activity on the distributed network. Furthermore, the combination of infinite data packets can construct a major impact on the network because they all have the same frequency and are associated with the same domain that is similar to the current scenario. For addressing this issue, a methodology for detecting threats on a distributed network was presented by (Zonglin, Guangmin, Xingmiao, & Dan, 2009). This method consists of pattern detection for distributed network environment and also provides a network wide correlation analysis associated with instant parameters along with anomalous space extraction, instant amplitude and instant frequency. As per the current scenario, network administrator can apply this model foe enabling instant amplitude and instant frequency so that transmission of data packets on the network can detect unknown activities or patterns on the network. Moreover, this model will also facilitate to categorize data packets in to time and frequency domains distinctly. Furthermore, network administrators can also implement a methodology, subset of the current methodology, which is called as anomalous space extraction based on predictions of network traffic or transmission of data packets. Likewise, anomalous space extraction will enhance capabilities of network administrators for PCA based methods that are already compromised in the current scenario. Moreover, network wide correlation analysis of amplitude and frequency that is also a subset of this methodology will determine overall transmission of data packets initiating from these distributed networks because the current methodology is not capable of detecting them, as they are infinite. After the identification of the root cause or source of the worm, the next step is to identify the infected nodes as well. Network administrator will use a specialized tool, as manual work will consume a lot of time and in some cases it becomes impossible to detect unknown patterns that are located deep down the network layers. In this case, ‘Wireshark’ is recommended, as it has advanced facilities and features that will analyze network traffic packet by packet and will provide in-depth analysis (Scalisi, 2010).

By using this ‘Wireshark’ tool, the first step a network administrator will take is the identification of traffic type or port types that will be the focus area. Likewise, the second step will be associated with capturing data packets on all ports that are available on the network (Scalisi, 2010). However, the current tool that is in operation has options for only targeting specific ports. Besides, Intrusion Detection System that is currently installed on the network mat conflict with this tool and, therefore, needs consideration. Consequently, ‘Wireshark’ will differentiate unknown network patters by analyzing each port so that statistics related to each data packet can be identified.

The third task will be to trace the source from where the attack has been initiated. Likewise, network administrators have to focus on two areas i.e. record routes and time stamps. Moreover, these two fields are also considered by network administrators to address routing issues that may occur.  Furthermore, one more challenge that needs to be addresses is the time synchronization that is conducted by a track backing process. Time synchronization is important because data packets are travelled from one time zone to another. In order to address this challenge, a methodology named as packet marking will be implemented. Likewise, this methodology will integrate fractional information with data for conducting a successful trace back.

Conclusion

Network administrators must comprehend methods and tools for identifying isolating and tracing the root cause of the threat. However, these are all challenges for network administrators that can be overcome by several methods and tools. However, that can be applied as per scenario or the threat that has compromised system.

References

Zonglin, L., Guangmin, H., Xingmiao, Y., & Dan, Y. (2009). Detecting distributed network traffic anomaly with network-wide correlation analysis. EURASIP Journal on Advances in Signal Processing, , 1-11. doi:10.1155/2009/752818

Scalisi, M. (2010). Analyze network problems with wireshark. PC World, 28(4), 30-30.