The Threat from the Net



Bibliographic Information


As it stands today, the Internet is not secure, so the only option is to understand how attacks occur and how best to protect against them. Ways to detect an intrusion and assess what the intruder did must be well thought out. For the most part, they will rely upon the ability of each system on the Internet to keep a log of events. The logs are invaluable for intrusion detection and analysis, indeed, they are basic to all postattack analysis. Authors of the security policy must determine what to log (keeping in mind how the desired level of logging will affect system performance) and how the logs should be analyzed. The logs should note who has entered the system as well as what they have done. Before a detailed examination is made of security methods, the issues affecting security enforcement are reviewed. The detection of intrusion using manual and automatic methods are discussed as are counterattack and damage assessment.

Copyright Notice

©1997 IEEE. The definitive version was published in IEEE Spectrum 34(8), Aug. 1997.