In the last three years, the networking revolution has finally come of age. More than ever before, we see that the Internet is changing computing as we know it. The possibilities and opportunities are limitless; unfortunately, so too are the risks and chances of malicious intrusions.
It is very important that the security mechanisms of a system are designed so as to prevent unauthorized access to system resources and data. However, completely preventing breaches of security appears, at present, unrealistic. We can, however, try to detect these intrusion attempts so that action may be taken to repair the damage later. This field of research is called Intrusion Detection.
Anderson, while introducing the concept of intrusion detection in 1980, defined an intrusion attempt or a threat to be the potential possibility of a deliberate unauthorized attempt to
- access information,
- manipulate information, or
- render a system unreliable or unusable.
Since then, several techniques for detecting intrusions have been studied. This paper discusses why intrusion detection systems are needed, the main techniques, present research in the field, and possible future directions of research.
A Security Policy defines what is permitted and what is denied on a system. There are two basic philosophies behind any security policy:
- Prohibitive, where everything that is not expressly permitted is denied.
- Permissive, where everything that is not expressly denied is permitted.
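The two philosophies as a small policy evaluator, added here as an illustration and not taken from the paper; the rules and requests are constructed. It shows the practical difference: a request that no rule mentions (a newly added resource, say) is denied under the prohibitive philosophy but silently allowed under the permissive one.

```python
from dataclasses import dataclass
from enum import Enum


class Philosophy(Enum):
    PROHIBITIVE = "prohibitive"  # default deny: only listed rules can permit
    PERMISSIVE = "permissive"    # default allow: only listed rules can deny


@dataclass(frozen=True)
class Rule:
    subject: str   # user name; "*" matches any subject
    resource: str  # "*" matches any resource
    action: str    # "*" matches any action
    allow: bool

    def matches(self, subject, resource, action):
        pairs = ((self.subject, subject), (self.resource, resource), (self.action, action))
        return all(pattern in ("*", value) for pattern, value in pairs)


def decide(rules, philosophy, subject, resource, action):
    """First matching rule wins; with no match, the philosophy's default applies."""
    for rule in rules:
        if rule.matches(subject, resource, action):
            return rule.allow
    return philosophy is Philosophy.PERMISSIVE


def exposure(rules, philosophy, requests):
    """Requests that are allowed only because no rule mentions them at all."""
    return [
        req for req in requests
        if not any(rule.matches(*req) for rule in rules)
        and decide(rules, philosophy, *req)
    ]


# Constructed sample policy: the same explicit rules are evaluated under both philosophies.
RULES = [
    Rule("alice", "/payroll", "read", True),
    Rule("*", "/payroll", "write", False),
]

if __name__ == "__main__":
    unlisted = [("bob", "/newdb", "read")]
    print("prohibitive exposes:", exposure(RULES, Philosophy.PROHIBITIVE, unlisted))  # []
    print("permissive exposes:", exposure(RULES, Philosophy.PERMISSIVE, unlisted))    # the request
```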
Elements of a System's Security
A computer system can be considered as a set of resources which are available for use by authorized users. A paper by Donn P outlines six elements of security that must be addressed by a security administrator. It is worth evaluating any tool by determining how it addresses these six elements.
- Availability - the system must be available for use when the users need it. Similarly, critical data must be available at all times.
- Utility - the system, and the data on the system, must be useful for a purpose.
- Integrity - the system and its data must be complete, whole, and in a readable condition.
- Authenticity - the system must be able to verify the identity of users, and the users should be able to verify the identity of the system.
- Confidentiality - private data should be known only to the owner of the data, or to a chosen few with whom the owner shares the data.
- Possession - the owners of the system must be able to control it. Losing control of a system to a malicious user affects the security of the system for all other users.