Network Forensics: Intrusion Process
Network intruders can enter a system using the following methods:
➢ Enumeration: Enumeration is the process of gathering information about a network that may help an intruder attack the network. Enumeration is generally carried out over the Internet. The following information is collected during enumeration:
  • Topology of the network
  • List of live hosts
  • Network architecture and types of traffic (for example, TCP, UDP, and IPX)
  • Potential vulnerabilities in host systems
➢ Vulnerabilities: An attacker identifies potential weaknesses in a system, network, and elements of the network and then tries to take advantage of those vulnerabilities. The intruder can find known vulnerabilities using various scanners.
➢ Viruses: Viruses are a major cause of shutdown of network components. A virus is a software program written to change the behaviour of a computer or other device on a network, without the permission or knowledge of the user.
➢ Trojans: Trojan horses are programs that contain or install malicious programs on targeted systems. These programs serve as back doors and are often used to steal information from systems.
➢ E-mail infection: The use of e-mail to attack a network is increasing. An attacker can use e-mail spamming and other means to flood a network and cause a denial-of-service attack.
➢ Router attacks: Routers are the main gateways into a network, through which all traffic passes. A router attack can bring down a whole network.
➢ Password cracking: Password cracking is a last resort for any kind of attack.
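
From the investigator's side, the enumeration step described above (collecting the list of live hosts and the traffic types they accept) leaves a recognisable pattern in flow records. The following Python example is added here and is not part of the original post; the record format, function names, thresholds and sample data are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed flow records (assumed format): "epoch_seconds src dst proto dst_port"
SAMPLE_FLOWS = """\
100 192.0.2.50 10.0.0.1 TCP 22
101 192.0.2.50 10.0.0.2 TCP 22
102 192.0.2.50 10.0.0.3 TCP 22
103 192.0.2.50 10.0.0.4 TCP 22
104 10.0.0.7 10.0.0.9 TCP 443
110 198.51.100.8 10.0.0.9 TCP 21
111 198.51.100.8 10.0.0.9 TCP 22
112 198.51.100.8 10.0.0.9 TCP 23
113 198.51.100.8 10.0.0.9 UDP 161
400 10.0.0.7 10.0.0.9 TCP 443
"""

def parse_flows(text):
    """Yield (time, src, dst, proto, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            yield float(parts[0]), parts[1], parts[2], parts[3].upper(), int(parts[4])
        except ValueError:
            continue

def find_enumeration(flows, window=60.0, host_threshold=4, port_threshold=4):
    """Flag sources that reach many hosts, or many ports on one host, within `window` seconds."""
    by_src = defaultdict(list)
    for rec in sorted(flows):                      # order by time
        by_src[rec[1]].append(rec)
    findings = []
    for src, recs in by_src.items():
        kinds, start = set(), 0
        for end in range(len(recs)):
            while recs[end][0] - recs[start][0] > window:
                start += 1                         # slide the window forward
            span = recs[start:end + 1]
            if len({r[2] for r in span}) >= host_threshold:
                kinds.add("host_sweep")            # looking for live hosts
            ports = defaultdict(set)
            for r in span:
                ports[r[2]].add((r[3], r[4]))      # (protocol, port) per target
            if any(len(p) >= port_threshold for p in ports.values()):
                kinds.add("port_scan")             # probing services on one host
        findings.extend((src, kind) for kind in kinds)
    return sorted(findings)
```

Thresholds and window length need tuning against normal traffic for the network under investigation; a slow scan spread over hours will not trip a 60-second window.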