Host Intrusion Detection System Administrator's Guide Release 3.0

Chapter 1: Overview
Why Do You Need Intrusion Detection?
Who Are the Perpetrators?
Where do these threats come from? It may be surprising to learn that the perpetrators
most often are not nefarious attackers who roam the Internet, but your very own
employees, whom you trust with your critical data and systems. Disgruntled employees
who have an intimate knowledge of your systems and network are far more likely to
abuse their positions of trust. However, most defensive effort has been expended on
the perceived threat from outside. As a result, most security solutions have
focused on firewalls and web servers, completely ignoring the serious problem that
comes from within. Industrial corporate espionage is also a significant threat to
companies, especially those operating in foreign countries.
How Are These Threats Realized?
The following sections describe the circumstances that lead to the vast bulk of security problems.
Misplaced Trust
When you access a company’s web page, you are trusting that it really is the company’s
web page you are viewing, and not some interloper pretending to be that company. When
you download product data from it, you are trusting that it is accurate and correct. When
you order their product, you are trusting that your order information is being kept
confidential. When you receive e-mail, you trust that the person identified as the sender
really did send you the e-mail. When you type your password into a program, you are
trusting that its designers did not include code to save your passwords so they can break
into your system at a later date. In each of these examples, the trust can be misplaced.
Malicious Code
Computer viruses are the single biggest cause of lost productivity in a business
environment. The real cost of viruses is not the damage they cause, but the total cost of
cleanup to ensure that the infection has not spread to other computers. Moreover, Java
and ActiveX permit the downloading of executable code from the Internet without any
assurances as to its real purpose. There are many examples of web pages that contain
ActiveX or Java applets that will steal a file from your hard drive.
Strong Security With a Weak Link
As the saying goes, “A chain is only as strong as its weakest link.” There is no point in
investing in a complex security solution if there is a simple back door around it. For
example, one router vendor recently had a problem whereby all of their boxes shipped
with a default password that was easy to guess. Most administrators forgot to change
the password. Despite investing many hours in correctly configuring the routers for
secure operation, their security could be defeated in seconds by an attacker who knew
the default password.