Overview

Why Do You Need Intrusion Detection?

Who Are the Perpetrators?

Where do these threats come from? It may be surprising to learn that the perpetrators most often are not nefarious attackers who roam the Internet, but your very own employees, whom you trust with your critical data and systems. Disgruntled employees who have an intimate knowledge of your systems and network are far more likely to abuse their positions of trust. However, most effort has been expended in defending against the perceived threat from outside. As a result, most security solutions have focused on firewalls and web servers, completely ignoring the serious problem that comes from within. Industrial corporate espionage is also a significant threat to companies, especially in foreign countries.

How Are These Threats Realized?

The following circumstances lead to the vast bulk of security problems.

Misplaced Trust

When you access a company’s web page, you are trusting that it really is the company’s web page you are viewing, and not some interloper pretending to be that company. When you download product data from it, you are trusting that it is accurate and correct. When you order their product, you are trusting that your order information is being kept confidential. When you receive e-mail, you trust that the person identified as the sender really did send you the e-mail. When you type your password into a program, you are trusting that its designers did not include code to save your passwords so they can break into your system at a later date. In each of these examples, the trust can be misplaced.

Malicious Code

Computer viruses are the single biggest cause of lost productivity in a business environment. The real cost of viruses is not the damage they cause, but the total cost of cleanup to ensure that the infection has not spread to other computers. Moreover, Java and ActiveX permit the downloading of executable code from the Internet without any assurances as to its real purpose. There are many examples of web pages that contain ActiveX or Java applets that will steal a file from your hard drive.

Strong Security With a Weak Link

As the saying goes, “A chain is only as strong as its weakest link.” There is no point in investing in a complex security solution if there is a simple back door around it. For example, one router vendor recently had a problem whereby all of their boxes shipped with a default password that was easy to guess. Most administrators forgot to change the password. Despite investing many hours in correctly configuring the routers for secure operation, their security could be defeated in seconds by an attacker who knew the password.

HP Host Intrusion Detection System (HIDS) Who Are the Perpetrators?, How Are These Threats Realized?, Misplaced Trust