Fig. 1. Hierarchical Architecture of ForNet
Servers themselves can be networked for inter-domain collaboration, which forms
the second level of the hierarchy. Queries that need to cross domain boundaries
go through the appropriate Forensic Servers. A Forensic Server is the only gateway
for queries sent to a domain from outside the domain boundaries. A query sent
to a domain is addressed to the Forensic Server of the domain, authenticated
by the server and passed on to the appropriate SynApps in the domain. Likewise,
results from the SynApps are sent to the Forensic Server that is in control of the
domain, where they are certified and sent back. In practice queries would begin at
the leaf nodes of a branch in the hierarchy, traverse Forensic Servers in higher
levels, and end up in leaf nodes in another branch. Queries would usually travel
in the opposite direction of the attack or crime. In the beginning queries will be
more general as the analyst tries to pinpoint the origin of the attack, and then
the queries become very precise as she closes in on the source of the attack.
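The gateway flow described above (authenticate the incoming query, pass it to the domain's SynApps, certify the collected results) can be sketched as follows. This is an added example, not code from ForNet or its authors; the class and function names, the flow-tuple synopsis, and the use of HMAC-SHA256 with shared keys as a stand-in for both authentication and certification are assumptions made for illustration.

```python
import hashlib
import hmac
import json

def mac_tag(key: bytes, payload: dict) -> str:
    # Canonical JSON so both sides compute the MAC over identical bytes.
    blob = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

class SynApp:
    """Stand-in synopsis: the set of (src, dst) flows this appliance saw."""
    def __init__(self, name, flows):
        self.name, self.flows = name, set(flows)

    def query(self, src_ip):
        return sorted(dst for (src, dst) in self.flows if src == src_ip)

class ForensicServer:
    """Only entry point for queries arriving from outside the domain."""
    def __init__(self, domain, peer_keys, cert_key, synapps):
        self.domain = domain
        self.peer_keys = peer_keys  # assumed: one shared key per peer domain
        self.cert_key = cert_key    # assumed: key used to certify results
        self.synapps = synapps

    def handle(self, sender, query, tag):
        key = self.peer_keys.get(sender)
        # Authenticate before any SynApp is consulted; unknown peers fail too.
        if key is None or not hmac.compare_digest(tag, mac_tag(key, query)):
            raise PermissionError("query not authenticated")
        results = {s.name: s.query(query["src_ip"]) for s in self.synapps}
        # Bind the results to the domain and the query, then certify the whole.
        body = {"domain": self.domain, "query": query, "results": results}
        return body, mac_tag(self.cert_key, body)

def verify_result(cert_key, body, tag):
    return hmac.compare_digest(tag, mac_tag(cert_key, body))

def demo():
    # Constructed keys and flows (documentation address ranges).
    peer_key, cert_key = b"constructed-peer-key", b"constructed-cert-key"
    server = ForensicServer("domain-b", {"domain-a": peer_key}, cert_key, [
        SynApp("synapp-1", [("192.0.2.7", "198.51.100.4")]),
        SynApp("synapp-2", [("192.0.2.7", "198.51.100.9"),
                            ("203.0.113.1", "198.51.100.4")]),
    ])
    q = {"src_ip": "192.0.2.7"}
    body, tag = server.handle("domain-a", q, mac_tag(peer_key, q))
    return body, tag, cert_key, server
```

Because the certified body includes the query and the domain name, a result cannot be replayed as the answer to a different query or attributed to another domain without failing verification.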
3.2 Architecture of a SynApp
Here we show how we intend to package various synopsis techniques discussed
in the next section into a single appliance, the SynApp, which we have begun to
realize first in software, and then in its final form as a small network appliance
dedicated to synopsizing network traffic. The appliance has two abstract
components, a network resident synopsis engine and the Forensics Server — a possibly
external query processing and storage management unit. These are further
divided into several functional modules. Fig. 2 illustrates the overall architecture
of the appliance with an integrated Forensics Server. We envision that such an
appliance can be seamlessly integrated into networking components or it can be
attached to the network right after a router.
The modular architecture allows for a variety of configurations of SynApps
and Forensic Server in a network (to satisfy budgetary and security policy re-