Manualshelf

HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software
21222324252627282930
cost to a company can be very high —lost sales or miscommunication with
customers, for example.
Loss of privacy
Privacy is a serious security concern in the medical, insurance, and banking fields.
If a computer system is broken into by an external attacker, sensitive data may be
obtained that can leave a company liable to legal action because of a lack of due
diligence to protect sensitive data.
Who are the Perpetrators?
Perpetrators of security attacks most often are not outsiders who roam the Internet,
but your own employees, whom you trust with your critical data and systems.
Unreliable employees who have an intimate knowledge of systems and network can
abuse their positions of trust. However, most effort has been expended in defending
against the perceived threat from outside. As a result, most security solutions have
focused on firewalls and web servers, completely ignoring the serious problem that
comes from within. Industrial corporate espionage is also a significant threat.
How are These Threats Realized?
This section discusses the circumstances that lead to some common security problems.
Misplaced Trust
Trust can be misplaced during any of the following events:
While accessing the website of a specific company, you trust that it is the website
of the company you intend to visit.
When you download product data from a website, you trust that it is accurate.
When you order a company’s product from the Internet, you trust that your order
information is being kept confidential.
When you receive email messages, you trust that sender information is accurate.
When you type your password into a program, you trust that the program does
not include code to decrypt the password at a later date.
Malicious Code
Computer viruses are the single biggest cause of lost productivity in business
environments. The real cost of viruses is not the damage they cause, but the total cost
of cleanup to ensure that the infection has not spread throughout the company network.
Moreover, Java and ActiveX permit the downloading of executable code from the
Internet without any assurances of its real purpose. There are many examples of websites
that contain ActiveX or Java applets that steal files from your hard drive.
22 Introduction