Host Intrusion Detection System Administrator's Guide Release 3.1

Overview
Importance of Intrusion Detection
Chapter 1
Who Are the Perpetrators?
It may be surprising to learn that the perpetrators most often are not attackers who
roam the Internet, but your very own employees, whom you trust with your critical data
and systems. Unreliable employees who have an intimate knowledge of your systems
and network are far more likely to abuse their positions of trust. However, most effort
has been expended in defending against the perceived threat from outside. As a result,
most security solutions have focused on firewalls and web servers, completely ignoring
the serious problem that comes from within. Industrial corporate espionage is also a
significant threat to companies.
How Are These Threats Realized?
The following are the circumstances that lead to the vast bulk of security problems.
Misplaced Trust
Trust can be misplaced during any of the following events:
While accessing a company's Web page and viewing the page, you trust that it is the
company's Web page.
When you download product data from a Web page, you trust that it is accurate.
When you order their product, you trust that your order information is being
kept confidential.
When you receive an e-mail message, you trust that the sender did send you that message.
When you type your password into a program, you trust that the program does not
include code to decrypt your password at a later date.
Malicious Code
Computer viruses are the single biggest cause of lost productivity in a business
environment. The real cost of viruses is not the damage they cause, but the total cost of
cleanup to ensure that the infection has not spread to other computers. Moreover, Java
and ActiveX permit the downloading of executable code from the Internet without any
assurances as to its real purpose. There are many examples of web pages that contain
ActiveX or Java applets that will steal a file from your hard drive.
Strong Security With a Weak Link
The vulnerability of a system, such as when one downloads executables from the Web, depends on its
weakest link. For example, one router vendor recently had a problem whereby all of their
boxes shipped with a default password that was easy to guess. Most administrators
forgot to change the password. Despite investing many hours in correctly configuring the
routers for secure operation, their security could be defeated in seconds by an attacker
who knew the password.