Solutions to the problems are provided below; please
comment if you have any doubts:
a)
- A network firewall acts as the barrier between a trusted
internal network and the outside world, which may contain
anything at all.
- The firewall's job is to identify the type of traffic that
enters and leaves a system and to block unwanted or insecure
packets.
- Packet sniffers capture and analyze network traffic, for
example to troubleshoot network errors. The same capture-and-inspect
capability is what a firewall relies on: when each packet in the
traffic is examined for suspicious content, unwanted packets can be
dropped at the inspection point itself, without any further
processing.
- Protocol analyzers decode captured packets by protocol. A
firewall can be configured to block packets of a particular
protocol, or to explicitly allow only particular protocols, and
protocol analysis is what makes this protocol-based filtering
straightforward.
- Thus packet sniffers and protocol analyzers provide the
inspection on which the decision to block or permit packets entering
and leaving the network is based.
b)
- An intrusion detection system (IDS) enhances the security of a
network by detecting unwanted or malicious attempts to enter a
system. These unauthorized entries are called intrusions.
- Intrusion traffic has recognizable common properties. These can
be stored as signatures and compared against the packets a sniffer
captures; when a captured packet matches a stored intrusion
signature, an intrusion has been detected. In this way packet
sniffing makes intrusion detection possible.
- Protocol analysis examines packet headers to check whether the
packets conform to the protocol they claim to use, whether they
come from a suspicious network, and so on. Intrusion attempts often
have distinctive protocol characteristics (malformed headers,
unexpected ports or flags), and these can be detected using a
protocol analyzer.
- Thus packet sniffers and protocol analyzers can be used in
intrusion detection systems.
c)
The Ethernet frame header fields that are important for
network forensic analysis are:
- The preamble (note that the preamble and start-of-frame
delimiter are consumed by the network card and do not appear in
software captures such as pcap files, so in practice the analyst
works with the fields below)
- Destination MAC address
- Source MAC address
- The Type/Length (EtherType) field, which identifies the protocol
carried in the payload (for example IPv4 or ARP) and so tells the
analyst how to decode the rest of the frame
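The following is an added example, not code from the original answer, that ties (a), (b) and (c) together: it parses the Ethernet II header fields listed above (destination MAC, source MAC, EtherType), applies a firewall-style protocol allow list, and matches payloads against stored intrusion signatures. The frames, the policy and the signature strings are all constructed for illustration; the IPv4 checksum is left as zero because the example never puts the packets on a wire.

```python
"""Added example: Ethernet/IPv4 parsing feeding a protocol filter (firewall)
and signature matching (IDS). All frames and rules below are constructed."""
import struct

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
IPPROTO_ICMP, IPPROTO_TCP, IPPROTO_UDP = 1, 6, 17


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def mac_bytes(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def parse_ethernet(frame: bytes) -> dict:
    """Parse the 14-byte Ethernet II header. The preamble is not present:
    the NIC strips it before the frame reaches capture software."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet II header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": mac_str(dst), "src": mac_str(src),
            "ethertype": ethertype, "payload": frame[14:]}


def parse_ipv4(payload: bytes) -> dict:
    """Parse the fixed IPv4 header; the protocol byte drives the filter."""
    ihl = (payload[0] & 0x0F) * 4
    if payload[0] >> 4 != 4 or ihl < 20 or len(payload) < ihl:
        raise ValueError("malformed IPv4 header")
    return {"proto": payload[9],
            "src": ".".join(str(b) for b in payload[12:16]),
            "dst": ".".join(str(b) for b in payload[16:20]),
            "data": payload[ihl:]}


# (a) Hypothetical firewall policy expressed in protocol terms.
POLICY = {"ethertypes": {ETHERTYPE_IPV4, ETHERTYPE_ARP},
          "ip_protocols": {IPPROTO_TCP, IPPROTO_UDP}}

# (b) Hypothetical content signatures an IDS matches against payloads.
SIGNATURES = {"path-traversal": b"../../etc/passwd",
              "sql-injection": b"' OR 1=1"}


def inspect(frame: bytes) -> dict:
    """Return the header fields a forensic analyst records (c), the
    firewall verdict (a) and any IDS alerts (b) for one frame."""
    eth = parse_ethernet(frame)
    result = {"src": eth["src"], "dst": eth["dst"],
              "ethertype": eth["ethertype"], "verdict": "allow", "alerts": []}
    if eth["ethertype"] not in POLICY["ethertypes"]:
        result["verdict"] = "block"          # unknown protocol family: drop
        return result
    if eth["ethertype"] == ETHERTYPE_IPV4:
        ip = parse_ipv4(eth["payload"])
        result["ip_proto"] = ip["proto"]
        if ip["proto"] not in POLICY["ip_protocols"]:
            result["verdict"] = "block"
        # Signature matching runs even on blocked traffic so the analyst
        # still gets an alert record for dropped packets.
        result["alerts"] = [name for name, pat in SIGNATURES.items()
                            if pat in ip["data"]]
    return result


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload


def build_ipv4(proto: int, src: str, dst: str, data: bytes) -> bytes:
    # version/IHL, TOS, total length, ID, flags/frag, TTL, proto, checksum(0)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(data), 0, 0, 64,
                         proto, 0, bytes(int(o) for o in src.split(".")),
                         bytes(int(o) for o in dst.split(".")))
    return header + data


# Constructed sample traffic: one benign request, one traversal attempt,
# one ICMP echo request, one LLDP frame outside the allow list.
ATTACKER, GATEWAY = "00:11:22:33:44:55", "66:77:88:99:aa:bb"
SAMPLE_FRAMES = [
    build_frame(GATEWAY, ATTACKER, ETHERTYPE_IPV4, build_ipv4(
        IPPROTO_TCP, "10.0.0.5", "192.168.1.10", b"GET /index.html HTTP/1.1\r\n")),
    build_frame(GATEWAY, ATTACKER, ETHERTYPE_IPV4, build_ipv4(
        IPPROTO_TCP, "10.0.0.5", "192.168.1.10", b"GET /../../etc/passwd HTTP/1.1\r\n")),
    build_frame(GATEWAY, ATTACKER, ETHERTYPE_IPV4, build_ipv4(
        IPPROTO_ICMP, "10.0.0.5", "192.168.1.10", b"\x08\x00\x00\x00")),
    build_frame(GATEWAY, ATTACKER, 0x88CC, b"\x00"),
]

if __name__ == "__main__":
    for frame in SAMPLE_FRAMES:
        print(inspect(frame))
```

Running the block prints one record per frame: the benign request is allowed with no alerts, the traversal request is allowed by the protocol filter but raises a path-traversal alert, the ICMP packet and the LLDP frame are blocked by the protocol policy.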
d)
The wireless (802.11) frame header fields that are important
in forensic analysis are:
- The source MAC address
- The destination MAC address
- The BSSID (an 802.11 data frame carries three or four address
fields, and which of them holds the source, destination or BSSID
depends on the To DS / From DS bits)
- The Frame Control field, which contains several subfields to inspect:
  - To DS
  - From DS
  - Protocol Version
  - Protected Frame (labelled WEP in the original 802.11 standard;
  set when the frame body is encrypted)
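As an added example (not part of the original answer), the decoder below parses an 802.11 data-frame header: the Frame Control subfields listed above (Protocol Version, type/subtype, To DS, From DS, Protected Frame) and the address fields, whose meaning as source, destination or BSSID is derived from the To DS / From DS bits. The station, access point and server MAC addresses and the two frames are constructed for illustration.

```python
"""Added example: decode the 802.11 MAC header fields relevant to forensics.
Frame Control and Sequence Control are little-endian on the air."""
import struct

TYPES = {0: "management", 1: "control", 2: "data", 3: "extension"}


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def mac_bytes(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def parse_frame_control(fc: bytes) -> dict:
    """Split the 2-byte Frame Control field into its subfields."""
    b0, b1 = fc[0], fc[1]
    return {
        "protocol_version": b0 & 0x03,        # always 0 in deployed 802.11
        "type": TYPES[(b0 >> 2) & 0x03],
        "subtype": (b0 >> 4) & 0x0F,
        "to_ds": bool(b1 & 0x01),
        "from_ds": bool(b1 & 0x02),
        "more_fragments": bool(b1 & 0x04),
        "retry": bool(b1 & 0x08),
        "power_mgmt": bool(b1 & 0x10),
        "more_data": bool(b1 & 0x20),
        "protected": bool(b1 & 0x40),         # the "WEP" bit in 802.11-1999
        "order": bool(b1 & 0x80),
    }


def parse_data_header(frame: bytes) -> dict:
    """Parse a data frame header and resolve Address 1..4 to SA/DA/BSSID
    according to the To DS / From DS combination."""
    if len(frame) < 24:
        raise ValueError("too short for an 802.11 data header")
    fc = parse_frame_control(frame[0:2])
    if fc["type"] != "data":
        raise ValueError("only data frames use the address layout handled here")
    addr1, addr2, addr3 = (mac_str(frame[4:10]), mac_str(frame[10:16]),
                           mac_str(frame[16:22]))
    (seq_ctrl,) = struct.unpack("<H", frame[22:24])
    out = {**fc, "fragment": seq_ctrl & 0x0F, "sequence": seq_ctrl >> 4}
    to_ds, from_ds = fc["to_ds"], fc["from_ds"]
    if not to_ds and not from_ds:      # ad hoc (IBSS): DA, SA, BSSID
        out.update(da=addr1, sa=addr2, bssid=addr3)
    elif not to_ds and from_ds:        # AP -> station: DA, BSSID, SA
        out.update(da=addr1, bssid=addr2, sa=addr3)
    elif to_ds and not from_ds:        # station -> AP: BSSID, SA, DA
        out.update(bssid=addr1, sa=addr2, da=addr3)
    else:                              # WDS/bridge: RA, TA, DA, then SA
        if len(frame) < 30:
            raise ValueError("four-address frame is missing Address 4")
        out.update(ra=addr1, ta=addr2, da=addr3, sa=mac_str(frame[24:30]))
    return out


def build_data_frame(to_ds: bool, from_ds: bool, protected: bool,
                     addr1: str, addr2: str, addr3: str,
                     addr4: str = None, seq: int = 7) -> bytes:
    """Constructed data frame (type 2, subtype 0) for testing the parser."""
    b0 = 0x08  # protocol version 0, type 2 (data), subtype 0
    b1 = (0x01 if to_ds else 0) | (0x02 if from_ds else 0) | (0x40 if protected else 0)
    frame = bytes([b0, b1]) + struct.pack("<H", 0)            # Duration/ID
    frame += b"".join(mac_bytes(a) for a in (addr1, addr2, addr3))
    frame += struct.pack("<H", seq << 4)                      # Sequence Control
    if addr4:
        frame += mac_bytes(addr4)
    return frame


# Constructed addresses: a client station, its access point, a wired server.
STATION, AP, SERVER = "02:aa:bb:cc:dd:01", "02:aa:bb:cc:dd:02", "02:aa:bb:cc:dd:03"
# Encrypted uplink frame from the station, relayed by the AP to the server.
UPLINK = build_data_frame(True, False, True, AP, STATION, SERVER)
# Unencrypted four-address frame between two APs bridging the same traffic.
WDS = build_data_frame(True, True, False, AP, "02:aa:bb:cc:dd:04", SERVER, STATION)

if __name__ == "__main__":
    print(parse_data_header(UPLINK))
    print(parse_data_header(WDS))
```

The point for forensics is that the "source MAC" of a wireless frame is not always at the same offset: the parser has to read To DS and From DS first, then decide which address field is the station, which the AP and which the wired endpoint.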