As before, this section is split into network indications and payload indications. This should assist in matching technologies to the elements that a cybersecurity operator may be looking to identify. Again, you'll notice that significant amounts of crossover exist between technologies; cross-referencing network and payload indicators, along with other contextual information, will always be the most effective means of identifying threats.
- Title Page
- Copyright and Credits
- About Packt
- Contributors
- Preface
- Section 1: Endpoint Threat Analysis and Forensics
- Classifying Threats
- Operating System Families
- Computer Forensics and Evidence Handling
- Section 2: Intrusion Analysis
- Identifying Rogue Data from a Dataset
- Warning Signs from Network Data
- Physical and data link layer (Ethernet) frame headers
- Network layer (IPv4, IPv6, and ICMP) packet headers
- Internet Protocol (IPv4 and IPv6)
- Version
- IPv4: Internet Header Length, options, and padding
- IPv4 – Type of Service and IPv6 – Traffic Class
- IPv4 – Total Length and IPv6 – Payload Length
- IPv4 – Time-to-Live and IPv6 – Hop Limit
- IPv4 – Protocol and IPv6 – Next Header
- IPv4 – identification and flags
- Source and destination addresses
- ICMP
- Internet Protocol (IPv4 and IPv6)
- Transport layer (TCP and UDP) segment and datagram headers
- Application layer (HTTP) headers
- Summary
- Questions
- Further reading
- Network Security Data Analysis
- Section 3: Incident Response
- Roles and Responsibilities During an Incident
- Network and Server Profiling
- Compliance Frameworks
- Section 4: Data and Event Analysis
- Data Normalization and Exploitation
- Drawing Conclusions from the Data
- Section 5: Incident Handling
- The Cyber Kill Chain Model
- Incident-Handling Activities
- Section 6: Mock Exams
- Mock Exam 1
- Mock Exam 2
- Assessments
- Chapter 1: Classifying Threats
- Chapter 2: Operating System Families
- Chapter 3: Computer Forensics and Evidence Handling
- Chapter 4: Identifying Rogue Data from a Dataset
- Chapter 5: Warning Signs from Network Data
- Chapter 6: Network Security Data Analysis
- Chapter 7: Roles and Responsibilities During an Incident
- Chapter 8: Network and Server Profiling
- Chapter 9: Compliance Frameworks
- Chapter 10: Data Normalization and Exploitation
- Chapter 11: Drawing Conclusions from the Data
- Chapter 12: The Cyber Kill Chain Model
- Chapter 13: Incident-Handling Activities
- Chapter 14 – Mock Exam 1
- Chapter 15 – Mock Exam 2
- Other Books You May Enjoy
Network indicators
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.