HP-UX Host Intrusion Detection System Version 4.2 Administration Guide
the serious problem that comes from within. Industrial corporate espionage is also a significant
threat.
How are These Threats Realized?
This section discusses the circumstances that lead to some common security problems.
Misplaced Trust
Trust can be misplaced during any of the following events:
• While accessing the website of a specific company, you trust that it is the website of the
company you intend to visit.
• When you download product data from a website, you trust that it is accurate.
• When you order a company’s product from the Internet, you trust that your order information
is being kept confidential.
• When you receive email messages, you trust that sender information is accurate.
• When you type your password into a program, you trust that the program does not include
code to decrypt the password at a later date.
Malicious Code
Computer viruses are the single biggest cause of lost productivity in business environments. The
real cost of viruses is not the damage they cause, but the total cost of cleanup to ensure that the
infection has not spread throughout the company network. Moreover, Java™ and ActiveX permit
the downloading of executable code from the Internet without any assurances of its real purpose.
There are many examples of websites that contain ActiveX or Java applets that steal files from
your hard drive.
Strong Security with a Weak Link
The vulnerability of a system when you download executables from the web depends on its weakest
link. For example, a router vendor shipped boxes with a default password that was easy to guess.
Most administrators forgot to change the password. Despite the many hours invested in correctly
configuring the routers for secure operation, their security can be defeated in seconds by an
attacker who knows the password.
Exploitation of Critical Infrastructure Elements
As more business is done over the Internet, more trust is placed in critical infrastructure elements:
the routers, hubs, and web servers that move data around the Internet. This infrastructure also
includes DNS name servers that enable users to access URLs from their browsers. A DNS server
maps names such as www.company.com to an Internet Protocol (IP) address, such as 10.2.3.4.
By targeting these important infrastructure services, an attacker can bring down a whole
organization. Sometimes attackers do not have to steal your information to hurt you. By simply
making your systems unavailable for use, such attackers can cause losses in both revenue and
credibility in your industry.
Misconfigured Software and Hardware
If you do not configure a critical piece of software or hardware properly, your network becomes
vulnerable to security attacks. This is a particular problem in the area of firewalls, where
configuration rules are complex. One missing rule can leave your whole internal network open
to attack.
Excessive Privileges for Simple Tasks
Code that runs with privileges (such as root on UNIX® systems, or as administrator on Windows
NT® systems) is particularly vulnerable, because a simple bug can have a major impact. Codes