Host Intrusion Detection System Administrator's Guide Release 3.1

Chapter 1: Overview
Importance of Intrusion Detection
Exploitation of Critical Infrastructure Elements
As more business is done over the Internet, more trust is placed in critical infrastructure
elements: the routers, hubs, and web servers that move data around the net. The
infrastructure also includes the DNS name servers that allow users to reach
www.mycompany.com from their browsers. A DNS server is a computer that maps names
such as www.company.com to an Internet address such as 10.2.3.4. By attacking these
important infrastructure services, an attacker can bring down the whole organization.
Sometimes attackers do not have to steal your information to hurt you. By simply
making your systems unavailable for use, they can cause you losses in both financial
terms and in credibility in your industry.
Misconfigured Software and Hardware
If you do not correctly configure a critical piece of software or hardware, your network will be
vulnerable to security attacks. This is a particular problem in the area of firewalls,
where configuration rules are complex: one missed rule can leave your whole internal
network open to attack.
Excessive Privilege for Simple Tasks
Code that runs with privilege (as root on UNIX systems, or as Administrator on
Windows NT systems) is particularly vulnerable because a simple bug can have major
impact. Most code is not designed to withstand security attacks. Moreover, most code runs with
more privilege than it needs to accomplish its task. Often a site will install its web server
to run as root, granting it far greater privilege than it needs to simply serve up web
pages and CGI scripts. A web server that runs as root is an easy target for attack: its CGI
scripts are reachable by anyone, and a flaw in one of them can give an attacker complete
root privileges on the system.
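The usual remedy for the problem described above is to let a daemon do only its privileged start-up work (such as binding a port below 1024) as root and then switch permanently to an unprivileged account before it handles any request. The following is an added illustration of that privilege drop on a UNIX system; it is not code from HP-UX HIDS or from any particular web server, and the target account (uid/gid 65534, "nobody" on many systems) is an assumption used as a placeholder.

```c
/* Added example: permanently dropping root privileges after the
 * privileged start-up work is done, so that a bug in the request
 * handling code runs as an unprivileged identity.  Illustrative code,
 * not part of the HP-UX HIDS product. */
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Drop to the given uid/gid with no saved root id to return to.
 * Returns 0 on success, -1 on failure with errno set.  Order matters:
 * supplementary groups first, then gid, then uid, because once the uid
 * is unprivileged the group changes would no longer be permitted. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0) {
        /* Only root may clear the supplementary group list. */
        if (setgroups(0, NULL) != 0)
            return -1;
    }
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    return 0;
}

/* Verify the drop took effect: real and effective ids match the target
 * and, for a non-root target, root cannot be regained.
 * Returns 1 if privileges are confirmed dropped, 0 otherwise. */
int privileges_dropped(uid_t uid, gid_t gid)
{
    if (getuid() != uid || geteuid() != uid)
        return 0;
    if (getgid() != gid || getegid() != gid)
        return 0;
    if (uid != 0) {
        /* After a permanent drop this must fail with EPERM. */
        if (setuid(0) == 0)
            return 0;
        if (errno != EPERM)
            return 0;
    }
    return 1;
}

int main(void)
{
    /* Assumed unprivileged service account (placeholder values). */
    uid_t target_uid = 65534;
    gid_t target_gid = 65534;

    /* When not started as root there is nothing to drop; keep the
     * current identity so the demonstration still runs. */
    if (geteuid() != 0) {
        target_uid = getuid();
        target_gid = getgid();
    }

    /* ... privileged start-up work (e.g. binding port 80) goes here ... */

    if (drop_privileges(target_uid, target_gid) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("now running as uid=%u gid=%u, confirmed dropped=%d\n",
           (unsigned)getuid(), (unsigned)getgid(),
           privileges_dropped(target_uid, target_gid));
    return 0;
}
```

The verification step is the part most often omitted: a server that calls setuid() but ignores its return value, or that uses seteuid() and so keeps a saved root id, still exposes root to any CGI flaw.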
Being Used as a Springboard to Attack the Next Victim
Even if you are not attacked yourself, your company systems can be used to launch an
attack on other victims elsewhere on the Internet.
Why Existing Tools Are Only Part of the Solution
A number of technologies have emerged as potential solutions to the various security
problems faced by companies. Firewalls, encryption, and security auditing tools are
useful in the world of security. After reading this section, you will understand how
HP-UX HIDS integrates with these existing technologies.
Firewalls
A firewall is a system that is placed between two networks to control what traffic is
allowed between those networks. A firewall is usually placed between the Internet and
your internal intranet. It can be viewed as a useful point of policy enforcement through
which you can decide what network traffic is and is not permitted to and from your
organization. When deployed correctly (itself a difficult task in a complex business
environment), a firewall is an efficient tool to prevent attacks on your critical systems
and data. However, a firewall connected to the Internet cannot protect you against an
attack against your systems launched from inside your organization. Often, it cannot
stop an attacker inside your organization from attacking systems on the Internet (you
may be used as a springboard to attack the next victim).