CHFI

Logical & Physical Structure of a Hard Disk

This article explains the logical and physical structure of a hard disk, its components, and their uses.

Physical Structure of a Hard Disk

The main components of hard disk drive are:

  • Platters: These are disk-like structures inside the hard disk, stacked one above the other, that store the data
  • Head: It is a device mounted on the arm of the hard drive that reads or writes data on the magnetic platters
  • Spindle: It is the spinning shaft that holds the platters in a fixed position so that the read/write arms can reach the data on the disks
  • Actuator: It is a device, carrying the read/write head, that moves the head over the hard disk to save or retrieve information
  • Cylinder: These are the circular tracks present on the platters of the disk drive at equal distances from the center


Physical Structure of a Hard Disk (Cont’d)

A hard disk contains a stack of platters, circular metal disks that are mounted inside the hard disk drive, coated with magnetic material, and sealed in a metal case or unit. Fixed in a horizontal or vertical position, the hard disk has electromagnetic read/write heads above and below the platters. The surface of each disk consists of a number of concentric rings called tracks; each track is divided into smaller units called disk blocks, or sectors. The size of each disk block is 512 bytes (0.5 KB). Track numbering starts at zero. When the platter rotates, the heads record data in the tracks. A 3.5-inch hard disk can contain about a thousand tracks.

The spindle holds the platters in a fixed position so that the read/write arms can reach the data on the disks. The platters rotate at a constant speed, so the drive head reads data more slowly when positioned close to the center of the disk than at the outer edges. To maintain data integrity, the head reads for a fixed period of time regardless of its position. The tracks at the outer edges of the disk have less densely populated sectors than the tracks close to the center of the disk.

The disk fills the space based on a standard plan. One side of the first platter contains space, reserved for hardware track-positioning information which is not available to the operating system. The disk controller uses the track-positioning information to place the drive heads in the correct sector position.

The hard disk records data using the zoned bit recording technique, also known as multiple zone recording. This method groups the areas of the hard disk into zones, depending on their distance from the center of the disk. Each zone has a certain number of sectors per track.

Calculation of data density of disk drives is done in the following terms:

  • Track density: Refers to the number of tracks in a hard disk
  • Area density: Area density is the platters’ storage capacity in bits per square inch
  • Bit density: It is bits per unit length of track
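A worked example of the geometry described above, added here and not part of the original article: it converts between cylinder/head/sector (CHS) addresses and logical block addresses (LBA) using the 512-byte disk block stated above, maps an LBA to its byte offset in a raw image, and totals the capacity of a zoned-bit-recording layout. The geometry values (16 heads, 63 sectors per track, the two-zone table) are constructed for illustration.

```python
# Added example (not from the original article): CHS/LBA arithmetic and
# zoned-bit-recording capacity. Geometry values below are constructed.
SECTOR_SIZE = 512  # bytes per disk block, as stated in the article


def chs_to_lba(cylinder, head, sector, heads, sectors_per_track):
    """Map a cylinder/head/sector address to a logical block address.

    Sectors are numbered from 1 within a track; cylinders and heads from 0.
    Consecutive LBAs run along one track, then the next head (surface),
    then the next cylinder.
    """
    if not 0 <= head < heads or not 1 <= sector <= sectors_per_track:
        raise ValueError("CHS address outside the drive geometry")
    return (cylinder * heads + head) * sectors_per_track + (sector - 1)


def lba_to_chs(lba, heads, sectors_per_track):
    """Inverse of chs_to_lba: recover (cylinder, head, sector) from an LBA."""
    sector = lba % sectors_per_track + 1
    track = lba // sectors_per_track      # track index across all surfaces
    return track // heads, track % heads, sector


def byte_offset(lba):
    """Offset of a block within a raw disk image made of 512-byte blocks."""
    return lba * SECTOR_SIZE


def zone_capacity_bytes(zones, heads):
    """Capacity of a zoned layout.

    zones is a list of (tracks_per_surface, sectors_per_track) pairs, outer
    zone first; outer zones hold more sectors per track than inner ones.
    """
    sectors = sum(tracks * heads * spt for tracks, spt in zones)
    return sectors * SECTOR_SIZE


if __name__ == "__main__":
    HEADS, SPT = 16, 63                      # constructed geometry
    lba = chs_to_lba(1, 0, 1, HEADS, SPT)    # first sector of cylinder 1
    print("LBA", lba, "-> byte offset", byte_offset(lba))
    print("back to CHS", lba_to_chs(lba, HEADS, SPT))
    zones = [(100, 63), (100, 48)]           # constructed two-zone layout
    print("zoned capacity (bytes)", zone_capacity_bytes(zones, 2))
```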

Read More : https://info-savvy.com/logical-physical-structure-of-a-hard-disk/


This Blog Article is posted by

Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092

Contact us – www.info-savvy.com

CHFI

Describe the Different Types of Disks and Their Characteristics

This article describes the different types of disks, their characteristics, and their uses. A disk drive is a digital data storage device that uses different storage mechanisms, such as mechanical, electronic, magnetic, and optical, to store data. It is addressable and rewritable to support changes and modification of data. Depending on the type of media and the mechanism for reading and writing the data, the different types of disk drives are as follows:

  • Magnetic Storage Devices: Magnetic storage devices store data using magnets to read and write the data by manipulating magnetic fields on the storage medium. These are mechanical devices with moving components that store or read the data. A few other examples include floppy disks, magnetic tapes, etc.
    In these types of hard disks, the disks inside the media rotate at high speed and heads in the disk drive read and write the data.
  • Optical Storage Devices: Optical storage devices are electronic storage media that store and read the data in the form of binary values using a laser beam. The devices use light of different intensities to store and read the data. Examples of optical storage devices include Blu-ray discs, CDs, and DVDs.
  • Flash Memory Devices: Flash memory is a non-volatile, electronically erasable and reprogrammable storage medium that is capable of retaining data even in the absence of power. It is a type of electronically erasable programmable read-only memory (EEPROM). These devices are cheap and more efficient compared to other storage devices. Devices that use flash memory for data storage are USB flash drives, MP3 players, digital cameras, solid-state drives, etc.
    A few examples of flash memory are:
     • BIOS chip in a computer
     • Compact Flash (commonly found in digital cameras)
     • Smart Media (commonly found in digital cameras)
     • Memory Stick (commonly found in digital cameras)
     • PCMCIA Type I and Type II memory cards found in laptops
     • Memory cards for video game consoles


Hard Disk Drive (HDD)

Hard Disk Drive is a non-volatile, random access digital data storage device used in any computer system. The hard disk stores data in a method similar to that of a file cabinet. The user, when needed, can access the data and programs. When the computer needs the stored program or data, the system brings it to a temporary location from the permanent location. When the user or system makes changes to a file, the computer saves the file by replacing the older file with the new file. The HDD records data magnetically onto the hard disk.

The hard disks differ from each other considering various measurements such as:

  • Capacity of the hard disk
  • Interface used
  • Speed in rotations per minute
  • Seek time
  • Access time
  • Transfer time


Solid-State Drive (SSD)

A Solid-State Drive (SSD) is an electronic data storage device that implements solid-state memory technology to store data similar to a hard disk drive. Solid-state is an electrical term that refers to an electronic circuit entirely built with semiconductors.

It uses two memories:

  • NAND-based SSDs: These SSDs use solid-state NAND memory microchips to store the data. Data in these microchips is held in a non-volatile state, and no moving parts are needed. NAND memory is non-volatile in nature and retains its contents even without power.
    NAND memory was developed primarily to reduce the per-bit cost of data storage. However, it is still more expensive than optical memory and HDDs. NAND-based memory is widely used today in mobile devices, digital cameras, MP3 players, etc. It has a finite number of writes over the life of the device.
  • Volatile RAM-based SSDs: SSDs based on volatile RAM such as DRAM are used when applications require faster data access. These SSDs include either an internal chargeable battery or an external AC/DC adapter, and a backup storage. Data resides in the DRAM during data access and is stored in the backup storage in case of a power failure.

Read More : https://info-savvy.com/discribe-the-different-types-of-disk-and-there-characterstics/



CHFI

Understand the Importance of Network Forensics

This article explains the importance of network forensics. Network forensics is the implementation of sniffing, recording, acquisition, and analysis of network traffic and event logs to investigate a network security incident. Capturing network traffic over a network is simple in theory but relatively complex in practice, for inherent reasons such as the large volume of data flow and the complex nature of Internet protocols. Recording network traffic involves a lot of resources, and it is often not possible to record all the data flowing through the network because of the volume. The recorded data also need to be backed up, both to free the recording media and to keep them available for future analysis.

The analysis of recorded data is the most critical and time-consuming task. There are many automated analysis tools for forensic purposes, but they are insufficient, as there is no foolproof method to distinguish bogus traffic generated by an attacker from genuine traffic. Human judgment is also critical because automated traffic analysis tools always carry a chance of false positives.

Network forensics is necessary in order to determine the type of attack over a network and to trace the culprit. A proper investigation process is required to produce the evidence recovered during the investigation in the court of law.


Postmortem and Real-Time Analysis

Forensic examination of logs has two categories:

Postmortem

Investigators perform postmortem analysis of logs to detect something that has already occurred in a network/device and determine what it was.

Here, an investigator can go through the log files a number of times to examine and check the flow of previous runs. When compared to real-time analysis, it is an exhaustive process, since the investigators need to examine the attack in detail and give a final report.

Real-Time Analysis

Real-time analysis is an ongoing process, which returns results simultaneously, so that the system or operators can respond to the attacks immediately.

Real-time analysis is an analysis done for the ongoing process. This analysis will be more effective if the investigators/administrators detect the attack quickly. In this analysis, the investigator can go through the log files only once to evaluate the attack, unlike postmortem analysis.

Network Vulnerabilities

The massive technological advances in networking have also led to a rapid increase in the complexity and vulnerabilities of networks. The only thing that a user can do is minimize these vulnerabilities, since the complete removal of the vulnerabilities is not possible. There are various internal and external factors that make a network vulnerable.

Internal network vulnerabilities

Internal network vulnerabilities occur due to the overextension of bandwidth and bottlenecks.

  • Overextension of bandwidth: Overextension of bandwidth occurs when user need exceeds total resources.
  • Bottlenecks: Bottlenecks usually occur when user need exceeds resources in particular network sectors.

Network management systems and software report these problems to logs or other management solutions. System administrators examine these systems to identify the location of network slowdowns and, using this information, reroute traffic within the network architecture to increase the speed and functionality of the network.

External network vulnerabilities

External network vulnerabilities occur due to threats such as DoS/DDoS attacks and network data interception. DoS and DDoS attacks originate from one or from numerous attacking sources, respectively. These attacks slow down or disable the network and are considered one of the most serious threats that a network faces. To minimize such attacks, use network performance monitoring tools that alert the user or the administrator about an attack.

Data interception is a common vulnerability among LANs and WLANs. In this type of attack, an attacker infiltrates a secure session and thus monitors or edits the network data to access or edit the network operation. In order to minimize these attacks, the user or administrator needs to apply user authentication systems and firewalls to restrict unauthorized users from accessing the network.


Network Attacks

Most common attacks against networks:

1. Eavesdropping

Eavesdropping is a technique used to intercept unsecured connections in order to steal personal information, which is illegal.

2. Data Modification

Once the intruder gets access to sensitive information, his or her first step is to alter the data. This problem is referred to as a data modification attack.

3. IP Address Spoofing

IP spoofing is a technique used to gain unauthorized access to a computer. Here, the attacker sends messages to the computer with an IP address that indicates the messages are coming from a trusted host.

4. Denial of Service (DoS)

In a DoS attack, the attacker floods the target with huge amount of invalid traffic, thereby leading to exhaustion of the resources available on the target. The target then stops responding to further incoming requests, thereby leading to denial of service to the legitimate users.

5. Man-in-the-Middle Attack

In man-in-the-middle attacks, the attacker makes independent connections with the users/victims and relays messages between them, making them believe that their conversation is direct.

6. Packet Sniffing

Sniffing refers to the process of capturing traffic flowing through a network, with the aim of gaining sensitive information such as usernames and passwords and using them for illegitimate purposes. In a computer network, a packet sniffer captures the network packets. Software tools such as Cain & Abel serve this purpose.

7. Enumeration

Enumeration is the process of gathering information about a network that may help in attacking it. Attackers usually perform enumeration over the Internet. During enumeration, the following information is collected:

  • Topology of the network
  • List of live hosts
  • Architecture and the kind of traffic (for example, TCP, UDP, IPX)
  • Potential vulnerabilities in host systems

8. Session Hijacking

A session hijacking attack refers to the exploitation of a session-token generation mechanism or token security controls, such that the attacker can establish an unauthorized connection with a target server.

9. Buffer Overflow

Buffers have a fixed data storage capacity. If the amount of data written exceeds that capacity, a buffer overflow occurs. Because buffers hold only a finite amount of data, they must be designed to handle additional information when it arrives; otherwise the extra information may overflow into neighboring buffers, destroying or overwriting the legitimate data there.

10. Email Infection

This attack uses emails as a means to attack a network. Email spamming and other means are used to flood a network and cause a DoS attack.

11. Malware Attacks

Malware is a kind of malicious code or software designed to damage the system. Attackers try to install the malware on the targeted system; once the user installs it, it damages the system.

12. Password-based attacks

Password-based attack is a process where the attacker performs numerous login attempts on a system or an application to duplicate the valid login and gain access to it.

13. Router attacks

It is the process of an attacker attempting to compromise the router and gaining access to it.

Attacks specific to wireless networks:

1. Rogue Access Point Attack

Attackers or insiders create a backdoor into a trusted network by installing an unsecured access point inside a firewall. They then use any software or hardware access point to perform this kind of attack.

2. Client Mis-association

The client may connect or associate with an AP outside the legitimate network either intentionally or accidentally. An attacker who can connect to that network intentionally and proceed with malicious activities can misuse this situation. This kind of client mis-association can lead to access control attacks.

3. Misconfigured Access Point Attack

This attack occurs due to the misconfiguration of the wireless access point. It is the easiest vulnerability for an attacker to exploit, and upon successful exploitation, the entire network could be open to further vulnerabilities and attacks. One common cause of misconfiguration is leaving the default username and password in use on the access point.

4. Unauthorized Association

In this attack, the attacker takes advantage of soft access points, which are WLAN radios present in some laptops. The attacker can activate these access points in the victim’s system through a malicious program and gain access to the network.

5. Ad Hoc Connection Attack

In an ad hoc connection attack, the attacker carries out the attack using a USB adapter or wireless card. In this method, the host connects with an unsecured station to attack a particular station or evade access point security.

6. HoneySpot Access Point Attack

If multiple WLANs co-exist in the same area, a user can connect to any available network. This kind of multiple-WLAN environment is highly vulnerable to attacks. Normally, when a wireless client switches on, it probes nearby wireless networks for a specific SSID. An attacker takes advantage of this behavior of wireless clients by setting up an unauthorized wireless network using a rogue AP. This AP has high-power (high-gain) antennas and uses the same SSID as the target network. Users who regularly connect to multiple WLANs may connect to the rogue AP. These APs mounted by the attacker are "honeypot" APs. They transmit a stronger beacon signal than the legitimate APs, so NICs searching for the strongest available signal may connect to the rogue AP. If an authorized user connects to a honeypot AP, it creates a security vulnerability and reveals sensitive user information such as identity, user name, and password to the attacker.

7. AP MAC Spoofing

Using the MAC spoofing technique, the attacker can reconfigure the MAC address in such a way that it appears as an authorized access point to a host on a trusted network. The tools for carrying out this kind of attack are changemac.sh, SMAC, and Wicontrol.

8. Jamming Signal Attack

In this attack, the attacker jams the Wi-Fi signals to stop all legitimate traffic from using the access point. The attacker blocks the signals by sending huge amounts of illegitimate traffic to the access point using certain tools.

Where to Look for Evidence

Logs contain events associated with all the activities performed on a system or a network. Hence, analyzing these logs helps investigators trace back the events that have occurred. Logs collected from network devices and applications serve as evidence for investigators investigating network security incidents. Therefore, investigators need to have knowledge of network fundamentals, the TCP/IP model, and the layers in the model.

Transmission Control Protocol/Internet Protocol (TCP/IP) is a communication protocol used to connect different hosts on the Internet. Every system that sends and receives information has a TCP/IP program, and the TCP/IP program has two layers:

  • Higher Layer: It manages the information sent and received in the form of small data packets sent over the Internet and reassembles all those packets into the original message.
  • Lower Layer: It handles the address of every packet so that they all reach the right destination.

The TCP/IP model and the OSI seven-layer model are similar in appearance. As shown in the above figure, the Data Link Layer and Physical Layer of the OSI model together form the Network Access Layer in the TCP/IP model. The Application Layer, Presentation Layer, and Session Layer together form the Application Layer in the TCP/IP model.

Layer 1: Network Access Layer

This is the lowest layer in the TCP/IP model. This layer defines how to use the network to transfer data. It includes protocols such as Frame Relay, SMDS, Fast Ethernet, SLIP, PPP, FDDI, ATM, Ethernet, ARP, etc., which help the machine deliver the desired data to other hosts in the same network.

Layer 2: Internet Layer

This is the layer above the Network Access Layer. It handles the movement of data packets over a network, from source to destination. This layer contains protocols such as Internet Protocol (IP), Internet Control Message Protocol (ICMP), Address Resolution Protocol (ARP), Internet Group Management Protocol (IGMP), etc. The Internet Protocol (IP) is the main protocol used in this layer.

Layer 3: Transport Layer

Transport Layer is the layer above the Internet Layer. It serves as the backbone for data flow between two devices in a network. The transport layer allows peer entities on the source and destination devices to carry on a communication. This layer uses many protocols, among which Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) are the most widely used.
TCP is preferable in case of reliable connections, while UDP can handle non-reliable connections.

Layer 4: Application Layer

This is the topmost layer of the TCP/IP protocol suite. This layer includes all processes that use the Transport Layer protocols, especially TCP and UDP, to deliver data. This layer contains many protocols, with HTTP, Telnet, FTP, SMTP, NFS, TFTP, SNMP, and DNS being the most widely used ones.
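As an added example, not from the original article, the following Python decodes a constructed Ethernet/IPv4/TCP frame into the four TCP/IP layers listed above, so an investigator can see which header fields belong to which layer when reading captured traffic. The MAC addresses, IP addresses, ports and HTTP payload are constructed for illustration, and checksums are left at zero because the decoder does not verify them.

```python
# Added example (not from the original article): decode a constructed
# Ethernet/IPv4/TCP frame into the four TCP/IP layers. Checksums stay zero.
import struct

TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def build_sample_frame():
    """Constructed frame: HTTP GET from 192.0.2.10 to 198.51.100.20:80."""
    payload = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
    # TCP: ports, seq, ack, data offset (5 words), flags PSH|ACK, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", 40512, 80, 1000, 0, 5 << 4, 0x18, 65535, 0, 0)
    # IPv4: ver/IHL, TOS, total length, id, DF flag, TTL, proto 6, csum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1,
                     0x4000, 64, 6, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    eth = bytes.fromhex("001122334455" "0066778899aa") + struct.pack("!H", 0x0800)
    return eth + ip + tcp + payload


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b):
    return ".".join(str(x) for x in b)


def parse_frame(frame):
    """Return a dict keyed by TCP/IP layer; stops at the first undecodable layer."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    layers = {"network_access": {"dst_mac": mac_str(frame[:6]),
                                 "src_mac": mac_str(frame[6:12]),
                                 "ethertype": ethertype}}
    if ethertype != 0x0800:          # only IPv4 is decoded here
        return layers
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("truncated or non-IPv4 header")
    ihl = (ip[0] & 0x0F) * 4         # header length in bytes (options included)
    total_len = struct.unpack("!H", ip[2:4])[0]
    proto = ip[9]
    layers["internet"] = {"src_ip": ip_str(ip[12:16]), "dst_ip": ip_str(ip[16:20]),
                          "ttl": ip[8], "protocol": PROTO_NAMES.get(proto, str(proto))}
    if proto != 6:
        return layers
    tcp = ip[ihl:total_len]          # total length bounds the segment, not the buffer
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4
    layers["transport"] = {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
                           "flags": [n for bit, n in TCP_FLAGS if off_flags & bit]}
    layers["application"] = tcp[data_off:]   # bytes handed to HTTP, SMTP, DNS, ...
    return layers


if __name__ == "__main__":
    for layer, fields in parse_frame(build_sample_frame()).items():
        print(layer, fields)
```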

Log Files as Evidence

In a network forensic investigation, log files help the investigators lead to the perpetrator. Log files contain valuable data about all the activities performed on the system. Different sources on a network/device produce their respective log files; these sources may be operating systems, IDS, firewalls, etc. Comparing and relating the log events helps the investigators deduce how the intrusion occurred. The log files collected as evidence need to comply with certain laws to be acceptable in court; additionally, expert testimony is required to prove that the log collection and maintenance occurred in an admissible manner.
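An added example, not from the original article, of relating events from two log sources as the paragraph describes: constructed firewall and IDS lines are parsed into a common shape, grouped by source address, and kept only where a second log source corroborates them within a time window, and a SHA-256 of each log text is recorded at collection time so its integrity can be demonstrated later. The line formats and hostnames (fw01, ids01) are assumed.

```python
# Added example (not from the original article): correlate constructed
# firewall and IDS log lines by source IP and record evidence hashes.
import hashlib
import re
from datetime import datetime, timedelta

# Constructed sample logs; formats and hostnames are assumed, not real data.
FIREWALL_LOG = """\
2024-03-05T10:14:02 fw01 DENY TCP 203.0.113.7:51234 -> 192.0.2.10:22
2024-03-05T10:14:03 fw01 DENY TCP 203.0.113.7:51235 -> 192.0.2.10:23
2024-03-05T10:14:20 fw01 ALLOW TCP 203.0.113.7:51240 -> 192.0.2.10:80
2024-03-05T10:30:00 fw01 ALLOW TCP 198.51.100.4:40000 -> 192.0.2.10:443
"""
IDS_LOG = """\
2024-03-05T10:14:05 ids01 ALERT portscan src=203.0.113.7 dst=192.0.2.10
2024-03-05T10:14:21 ids01 ALERT web-attack src=203.0.113.7 dst=192.0.2.10 uri=/login
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
FW_RE = re.compile(rf"^(\S+) (\S+) (ALLOW|DENY) (\S+) {IPV4}:\d+ -> {IPV4}:(\d+)$")
IDS_RE = re.compile(rf"^(\S+) (\S+) ALERT (\S+) src={IPV4} dst=(\S+)")


def parse_firewall(text):
    """Turn firewall lines into normalized events; unmatched lines are skipped."""
    events = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if m:
            ts, host, action, proto, src, dst, dport = m.groups()
            events.append({"time": datetime.fromisoformat(ts), "source": host,
                           "src_ip": src, "summary": f"{action} {proto} to {dst}:{dport}"})
    return events


def parse_ids(text):
    """Turn IDS alert lines into the same normalized event shape."""
    events = []
    for line in text.splitlines():
        m = IDS_RE.match(line)
        if m:
            ts, host, sig, src, dst = m.groups()
            events.append({"time": datetime.fromisoformat(ts), "source": host,
                           "src_ip": src, "summary": f"ALERT {sig} against {dst}"})
    return events


def correlate(events, window_seconds=60):
    """Group events by source IP; keep those corroborated by a different log
    source within the window, returned as a time-ordered timeline per IP."""
    window = timedelta(seconds=window_seconds)
    by_ip = {}
    for e in events:
        by_ip.setdefault(e["src_ip"], []).append(e)
    timeline = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["time"])
        kept = [e for e in evs if any(o["source"] != e["source"]
                                      and abs(o["time"] - e["time"]) <= window
                                      for o in evs)]
        if kept:
            timeline[ip] = kept
    return timeline


def evidence_hash(text):
    """SHA-256 of a log text, to be recorded when the log is collected."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    for name, log in (("firewall", FIREWALL_LOG), ("ids", IDS_LOG)):
        print(f"{name} sha256={evidence_hash(log)}")
    for ip, evs in correlate(parse_firewall(FIREWALL_LOG) + parse_ids(IDS_LOG)).items():
        print(f"== {ip}")
        for e in evs:
            print(f"  {e['time'].isoformat()} {e['source']:6} {e['summary']}")
```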

