A Theoretical Framework for Organizational Network Forensic Readiness

Anyone who uses the internet frequently knows what the term hacking means. Because people have personal passwords for their email accounts and change them frequently, many are under the impression that their accounts are safe and secure. What many people are unaware of is that with safety come insecurities, leading to cyber crime, against which Network Forensic Readiness (NFR) has been devised to provide protection.

Hacking occurs when cyber intruders steal other people's passwords and use their accounts. The sources of theft and such objectionable acts are not only difficult to reach, but also difficult to record, says Endicott-Popovsky (2007). The rising number of cyber crimes has made it impossible to hide how large an effort is needed to counter the crime. Hence, NFR was expected to be implemented in order to keep better records for crime investigations. These records include various aspects such as checklists and other such tools, but these have never sufficed for a complete investigation of a cyber crime. For better results, and to reach an authentic outcome that reprimands the hackers, more intensive ways of implementing NFR need to be adopted.

NFR has been implemented earlier, but not to its full potential: checklists and other such tools have been used before, but with no praiseworthy results. For NFR to be implemented in any system, Endicott-Popovsky (2007) states that it is necessary to go through what may assist in fully operationalizing NFR in any organization or enterprise. Therefore the focus and aim of the authors is to provide a complete methodology for incorporating NFR into organizations and systems. The authors give two cases of malicious intrusion, plus a theoretical framework that makes the case for setting up NFR in enterprises.

The network intruders and the victims are nowhere close to being in competition with one another. Networks may be monitored, but cyber intruders are no less active in their crime, putting safety and privacy at stake. Each side has perceptions of the other, but in reality the gaps on both sides go unmet: while security measures are being undertaken on one hand, on the other, hacking requires very little technical knowledge, making it simple for hackers to continue their intrusions.

Largest security incident in New Zealand history with damages estimated at 400,000. Evidence indicated that several intruders were involved, physically located in several countries including New Zealand and the United States. The attackers executed a typical intrusion scenario, exploiting a buffer overflow to gain root access and install root kits and back doors for unfettered future access. Once within the network perimeter, they set up new accounts and installed network sniffers to capture logins and passwords. Then compromised machines were used as stepping-stones for attacks on other machines, often employing a several-hop pattern to disguise the actual origin of their attacks before getting to the desired target (Endicott-Popovsky, 2007).
Endicott-Popovsky (2007) includes two cases of malicious intrusion: the Russian and New Zealand hacker cases. An analysis of the two cases is provided in tabular form, clearly indicating the Russian case to be the more serious one, and the one that suffered more loss. This is followed by a brief account of how many researchers have contributed to the idea of NFR and proposed ideas for better implementation.
