PART 6: SYSTEM SECURITY
o Intrusion Detection
o Password Management
◆ Unauthorized intrusion into a computer system or network is one of the most serious threats to computer security.
◆ Intrusion detection systems have been developed to provide early warning of an intrusion so that defensive action can be taken to prevent or minimize damage.
◆ Intrusion detection involves detecting unusual patterns of activity or patterns of activity that are known to correlate with intrusions.
◆ One important element of intrusion prevention is password management, with the goal of preventing unauthorized users from having access to the passwords of others.
A significant security problem for networked systems is hostile, or at least unwanted, trespass by users or software. User trespass can take the form of unauthorized logon to a machine or, in the case of an authorized user, acquisition of privileges or performance of actions beyond those that have been authorized. Software trespass can take the form of a virus, worm, or Trojan horse.
All these attacks relate to network security because system entry can be achieved by means of a network. However, these attacks are not confined to network-based attacks. A user with access to a local terminal may attempt trespass without using an intermediate network. A virus or Trojan horse may be introduced into a system by means of an optical disc. Only the worm is a uniquely network phenomenon. Thus, system trespass is an area in which the concerns of network security and computer security overlap.
Because the focus of this book is network security, we do not attempt a comprehensive analysis of either the attacks or the security countermeasures related to system trespass. Instead, in this Part we present a broad overview of these concerns.
This chapter covers the subject of intruders. First, we examine the nature of the attack and then look at strategies intended for prevention and, failing that, detection. Next we examine the related topic of