Bob Miller
Senior Systems Manager
847-707-5498
robert.miller@flukenetworks.com
Today's Agenda
Introduction
Network Forensics Basics
Flow Based Forensics
Packet Forensics
WLAN Forensics
RF and 802.11
Questions
Forensics Compliance
Sarbanes-Oxley
California SB 1386
Gramm-Leach-Bliley
HIPAA
PCI-DSS
Federal Information Security Management Act of 2002
DoD
Basel II
Information Standard for Information Security (ISO 27001 Compliance)
Forensic Tools
Ethernet
Stream to Disk Technology with vast storage capacity
High Speed Disk Captures
High Speed Interfaces
Extensive capture and display filters for data analysis
WLAN
Layer 2 WLAN Analysis
Layer 1 RF Interference Detection and Analysis
Netflow Technologies
Collection from many L3 NetFlow-type devices for LAN, WAN and other flow-technology devices
Network TAPS
Provides data replication without detection
VoIP Forensics
Signaling Traffic
SIP
H.323
MGCP
Proprietary (CSSP, Unistim)
WLAN Performance
Rogue Detection
Packet Decode
Channel Utilization
RF Forensics
What is RF Forensics?
The ability to monitor, capture and analyze the physical layer of the frequencies that 802.11 WLANs (2.4GHz and 5GHz) use for transmission
WLAN RF Forensics
Prevention
RF interference can be used as a denial of service attack. RF forensics equipment can not only capture the type of RF but also attempt to fingerprint the type of device that is being used.
Other devices such as the cafeteria microwave, cordless phones and older Bluetooth devices can cause RF interference in the 2.4GHz band. Spectrum analysis tools can be used to locate and identify these types of interference.
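As an added example that is not part of the original slides, the following Python maps an interferer's frequency span, as a spectrum analyser would report it, onto the 2.4GHz 802.11 channels it overlaps and lists which of the usual non-overlapping channels (1, 6, 11) remain clear. The channel centre frequencies are the standard ones; the 22 MHz channel width and the sample interferer readings are assumptions.

```python
# Added example, not from the original slides. Channel plan: channels 1-13 are
# centred at 2412 + 5*(ch-1) MHz and channel 14 at 2484 MHz. Each channel is
# modelled here as 22 MHz wide (11 MHz either side of centre), an assumption
# that matches the conventional 802.11b/g figure.

def channel_center_mhz(ch):
    """Centre frequency of a 2.4 GHz 802.11 channel."""
    if ch == 14:
        return 2484
    if 1 <= ch <= 13:
        return 2412 + 5 * (ch - 1)
    raise ValueError(f"no 2.4 GHz channel {ch}")

def channel_span_mhz(ch, width_mhz=22):
    """(low edge, high edge) of a channel's occupied bandwidth."""
    c = channel_center_mhz(ch)
    return c - width_mhz / 2, c + width_mhz / 2

def affected_channels(low_mhz, high_mhz, width_mhz=22):
    """Channels whose span overlaps the interferer band [low_mhz, high_mhz]."""
    if high_mhz < low_mhz:
        raise ValueError("interferer band edges are reversed")
    hits = []
    for ch in range(1, 15):
        lo, hi = channel_span_mhz(ch, width_mhz)
        if lo <= high_mhz and hi >= low_mhz:   # closed-interval overlap test
            hits.append(ch)
    return hits

def clear_standard_channels(low_mhz, high_mhz):
    """Which of the non-overlapping channels 1/6/11 an interferer leaves untouched."""
    hit = set(affected_channels(low_mhz, high_mhz))
    return [ch for ch in (1, 6, 11) if ch not in hit]

# Constructed sample readings (label, low edge MHz, high edge MHz), shaped like
# what a spectrum analyser might report; the values are illustrative only.
SAMPLE_INTERFERERS = [
    ("microwave oven", 2450, 2460),
    ("cordless phone", 2420, 2423),
    ("narrowband near channel 14", 2490, 2492),
]

def interference_report(observations=SAMPLE_INTERFERERS):
    """Map each observed interferer to the channels it degrades."""
    return {label: affected_channels(lo, hi) for label, lo, hi in observations}

if __name__ == "__main__":
    for label, chans in interference_report().items():
        print(f"{label}: channels {chans}")
```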
RF Interference in the 2.4GHz band
Conclusion
Questions?
Thank You!