THE WHATIS.COM WORD-OF-THE-DAY
October 29, 2002
network forensics
______________

TODAY'S WORD: network forensics

See our definition with hyperlinks at
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci859579,00.html

Network forensics is the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents. (The term, attributed to firewall expert Marcus Ranum, is borrowed from the legal and criminology fields where forensics pertains to the investigation of crimes.) According to Simson Garfinkel, author of several books on security, network forensics systems can be one of two kinds:

- "Catch-it-as-you-can" systems, in which all packets passing through a certain traffic point are captured and written to storage with analysis being done subsequently in batch mode. This approach requires large amounts of storage, usually involving a RAID system.

- "Stop, look and listen" systems, in which each packet is analyzed in a rudimentary way in memory and only certain information saved for future analysis. This approach requires less storage but may require a faster processor to keep up with incoming traffic.

Both approaches require significant storage and occasional erasing of old data to make room for new. The open source programs tcpdump and WinDump as well as a number of commercial programs can be used for data capture and analysis.

One concern with the "catch-it-as-you-can" approach is privacy, since all packet information (including user data) is captured.
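
The two approaches side by side, as an added example that is not part of the original newsletter: the same constructed packets are stored whole ("catch-it-as-you-can") and reduced in memory to per-flow counters ("stop, look and listen"). The function names, the 20-byte flow record layout and the sample traffic are assumptions made for this illustration.

```python
import socket
import struct

def make_packet(src, dst, sport, dport, payload):
    """Build a minimal IPv4+TCP packet (constructed sample; checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

# Constructed traffic, not a real capture.
SAMPLE = [
    make_packet("10.0.0.5", "192.0.2.10", 40000, 80, b"GET /account?user=alice HTTP/1.0\r\n\r\n"),
    make_packet("10.0.0.5", "192.0.2.10", 40000, 80, b"POST /login HTTP/1.0\r\n\r\nsecret=constructed"),
    make_packet("10.0.0.7", "192.0.2.25", 40001, 25, b"MAIL FROM:<bob@example.com>\r\n"),
    b"\x00\x01",  # truncated frame: the header-only path must skip it
]

def catch_it_as_you_can(packets):
    """Write every packet to storage whole; analysis happens later in batch."""
    return b"".join(struct.pack("!I", len(p)) + p for p in packets)

def stop_look_and_listen(packets):
    """Inspect each packet in memory; keep only per-flow packet and byte counts."""
    flows = {}
    for pkt in packets:
        if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
            continue  # not IPv4/TCP, or too short to parse
        ihl = (pkt[0] & 0x0F) * 4
        if ihl < 20 or len(pkt) < ihl + 4:
            continue  # bad header length or missing TCP ports
        key = (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]),
               *struct.unpack("!HH", pkt[ihl:ihl + 4]))
        count, size = flows.get(key, (0, 0))
        flows[key] = (count + 1, size + len(pkt))
    return flows

def pack_flows(flows):
    """Serialise flows as fixed 20-byte records (layout assumed for this example)."""
    return b"".join(struct.pack("!4s4sHHII", socket.inet_aton(s), socket.inet_aton(d),
                                sp, dp, n, size) for (s, d, sp, dp), (n, size) in flows.items())

if __name__ == "__main__":
    full, summary = catch_it_as_you_can(SAMPLE), pack_flows(stop_look_and_listen(SAMPLE))
    print(len(full), "bytes stored whole;", len(summary), "bytes of flow records")
    print("payload retained:", b"alice" in full, "vs", b"alice" in summary)
```

The full store keeps the user data that raises the privacy concern; the flow records keep only addresses, ports and counts, at the cost of parsing every packet as it arrives.
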
Internet service providers (ISPs) are expressly forbidden by the Electronic Communications Privacy Act (ECPA) from eavesdropping or disclosing intercepted contents except with user permission, for limited operations monitoring, or under a court order. The U.S. FBI's Carnivore is a controversial example of a network forensics tool.

Network forensics products are sometimes known as Network Forensic Analysis Tools (NFATs).

RELATED TERMS:

packet
http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci212736,00.html

RAID
http://searchstorage.techtarget.com/sDefinition/0,,sid5_gci214332,00.html

open source
http://searchsolaris.techtarget.com/sDefinition/0,,sid12_gci212709,00.html

ISP
http://searchwebservices.techtarget.com/sDefinition/0,,sid26_gci214028,00.html

Carnivore
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci508347,00.html
______________________

SELECTED LINKS:

O'Reilly Network provides an article by Simson Garfinkel, "Network Forensics: Tapping the Internet."
http://www.oreillynet.com/lpt/a/1733

Information Security Magazine provides a survey of products in its article, "Analyze This!"
http://www.infosecuritymag.com/2002/feb/cover.shtml

SearchSecurity.com provides links to articles on "Infrastructure and Network Security."
http://searchsecurity.techtarget.com/bestWebLinks/0,289521,sid14_tax281927,00.html
______________________

THIS DAY IN TECH HISTORY | October 29, 1971

Surgeons at the University of Pennsylvania reported the first successful use of electricity to repair a bone fracture. When human bone is bent or broken, it generates a low level electrical charge to stimulate the body's internal repair mechanism.
http://whatis.techtarget.com/definition/0,,sid9_gci840676,00.html
______________________

WHATIS.COM CONTACTS

LOWELL THING, Site Editor ([EMAIL PROTECTED])
MARGARET ROUSE, Associate Editor ([EMAIL PROTECTED])
______________________

ABOUT THIS NEWSLETTER

Published by TechTarget (http://www.techtarget.com)
Copyright 2002, All Rights Reserved.