Chapter-20 - I NTRUDERS 20.1 Intruders Intruder Behavior...

Download Document
Showing pages : 1 - 4 of 35
This preview has blurred sections. Sign up to view the full version! View Full Document
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: I NTRUDERS 20.1 Intruders Intruder Behavior Patterns Intrusion Techniques 20.2 Intrusion Detection Audit Records Statistical Anomaly Detection Rule-Based Intrusion Detection The Base-Rate Fallacy Distributed Intrusion Detection Honeypots Intrusion Detection Exchange Format 20.3 Password Management Password Protection Password Selection Strategies 20.4 Recommended Reading and Web Sites 20.5 Key Terms, Review Questions, and Problems Appendix 20A The Base-Rate Fallacy 20-1 CHAPTER P ART 6: S YSTEM S ECURITY 20-2 CHAPTER 20 / INTRUDERS They agreed that Graham should set the test for Charles Mabledene. It was nei- ther more nor less than that Dragon should get Stern’s code. If he had the ‘in’ at Utting which he claimed to have this should be possible, only loyalty to Moscow Centre would prevent it. If he got the key to the code he would prove his loyalty to London Central beyond a doubt. — Talking to Strange Men , Ruth Rendell KEY POINTS Unauthorized intrusion into a computer system or network is one of the most serious threats to computer security. Intrusion detection systems have been developed to provide early warning of an intrusion so that defensive action can be taken to prevent or mini- mize damage. Intrusion detection involves detecting unusual patterns of activity or patterns of activity that are known to correlate with intrusions. One important element of intrusion prevention is password management, with the goal of preventing unauthorized users from having access to the passwords of others. A significant security problem for networked systems is hostile, or at least unwanted, trespass by users or software. User trespass can take the form of unau- thorized logon to a machine or, in the case of an authorized user, acquisition of priv- ileges or performance of actions beyond those that have been authorized. Software trespass can take the form of a virus, worm, or Trojan horse. All these attacks relate to network security because system entry can be achieved by means of a network. However, these attacks are not confined to net- work-based attacks. A user with access to a local terminal may attempt trespass without using an intermediate network. A virus or Trojan horse may be introduced into a system by means of an optical disc. Only the worm is a uniquely network phe- nomenon.Thus, system trespass is an area in which the concerns of network security and computer security overlap. Because the focus of this book is network security, we do not attempt a com- prehensive analysis of either the attacks or the security countermeasures related to system trespass. Instead, in this Part we present a broad overview of these concerns. This chapter covers the subject of intruders. First, we examine the nature of the attack and then look at strategies intended for prevention and, failing that, detection. Next we examine the related topic of password management. 20.1 / INTRUDERS 20-3 20.1 INTRUDERS One of the two most publicized threats to security is the intruder (the other is...
View Full Document