The Threat from the Net



Bibliographic Information


As it stands today, the Internet is not secure, so the only option is to understand how attacks occur and how best to protect against them. Ways to detect an intrusion and assess what the intruder did must be well thought out. For the most part, they will rely upon the ability of each system on the Internet to keep a log of events. The logs are invaluable for intrusion detection and analysis, indeed, they are basic to all postattack analysis. Authors of the security policy must determine what to log (keeping in mind how the desired level of logging will affect system performance) and how the logs should be analyzed. The logs should note who has entered the system as well as what they have done. Before a detailed examination is made of security methods, the issues affecting security enforcement are reviewed. The detection of intrusion using manual and automatic methods are discussed as are counterattack and damage assessment.

Copyright Notice

©1997 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author’s copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.
The definitive version was published in IEEE Spectrum 34(8), Aug. 1997.