ee579t/11 #1 spring 2001 © 2000, 2001, richard a. stanley wpi ee579t network security 11: law,...
Post on 22-Dec-2015
Spring 2001 © 2000, 2001, Richard A. Stanley
WPI EE579T/11 #1
EE579T Network Security
11: Law, Ethics, Intrusions
Prof. Richard A. Stanley
Thought for the Day
“Any sufficiently developed technology is indistinguishable from magic.”
?
Overview of Tonight’s Class
• Review last week’s lesson
• Look at network security in the news
• Legal and ethical issues
Last Week in Review
• Running a network makes it necessary to be familiar with the law
• There is both civil and criminal law
• Knowing what is illegal is key to tracking and deterring unauthorized users
• Protecting intellectual property is an important responsibility of network managers
• Building a relationship with law enforcement before a problem is usually wise
Network Security Last Week- 1
• Social engineering gets hackers and their viruses inside a network with more success than a complicated, technical method
• More security flaws are found in wireless LAN protocol 802.11 by UMd researchers
• One in three UK companies have been hacked
• eBay finds holes in privacy policy
Network Security Last Week- 2
• Online security key to health care venture
• Too much security holds back e-commerce
– So say 40% of blue chip companies surveyed
• ADDR.com customer database stolen
• Cloaked code sneaks by corporate security
• Security industry slams virus reward
• Microsoft updates Windows to combat VeriSign glitch
Network Security Last Week- 3
• War driving -- the latest hacker fad
• KPMG survey
– 90 percent of CEOs and CIOs believe most security breaches will come via the Internet or other external means
– KPMG confirms most breaches are internal, by disgruntled employees and others with immediate knowledge of a company's system
Tonight:
The Odds and Ends That Tie it All Together
More About Copyrights
• Fair use of a copyrighted work, including such use by reproduction in copies or phonorecords or by any other means:
– criticism
– comment
– news reporting
– teaching (including multiple copies for classroom use)
Remember...
• A copyright protects the tangible expression of an idea, not the idea itself
– Copyright infringement is a crime
• A patent protects an idea (sort of -- more later), not merely its expression
– Patent infringement must be contested
– Patent infringement is a civil matter, not a crime
What Can Be Patented?
“Whoever invents or discovers any new and useful process,
machine, manufacture, or composition of matter, or any new
and useful improvement thereof, may obtain a patent therefor,
subject to the conditions and requirements of this title.”
35 USC § 101
More to Think About
• Censorship
• Privacy
• Liability
– Actions of others
• Responsibility to report crimes
• Public approbation vs. legal action
• Whose laws apply?
Negligence
• Simple
• Gross
• Contributory
• “The prudent man”
• Due diligence
More Legal Considerations
• What if…
– One of your employees is using your network to do something illegal?
– Someone outside the organization is using your network resources for illicit purposes?
– Your system is broken into and important information goes missing or becomes public?
Are You Liable?
What Is Your Responsibility?
• For intellectual property?
• For personal data?
• For financial data?
• For proper operation of the network?
• How and where are these things defined?
The Other “P” Word
• Privacy
– What is it?
– How to protect it?
– What do customers and employees expect?
– What do they have a right to expect?
– Where is the Constitutional right to privacy found?
Ethics
Not a Simple Subject
Ethics Concerns
• Information Management
– Data acquisition
– Access
– Stewardship
• Information Security
– Ownership of intellectual property
– Crime
– Liability and reliability
Ethical Issues
• Ethics and the law are not the same
• Ethic is an objectively defined standard of right or wrong
• Ethical standards tend to be idealistic
• Set of ethical principles is an ethical system
Law Versus Ethics
LAW
• Formal, written
• Interpreted by courts
• Established by legislature
• Applies to everyone
• Conflict, “right” resolved by courts
• Enforceable
ETHICS
• Unwritten principles
• Interpreted by indiv.
• Presented by religions, philosophers, etc.
• Personal choice
• No external arbiter of “right” or conflict
• Limited enforcement
Ethics Overview
• Complex
• Ethics and religion
• Ethics not universal
• Ethics does not provide unique, immutable answers
– Ethical pluralism
– Very unlike scientific view of “truth”
– Rarely a higher authority
Ethical Reasoning
• How to approach an ethical issue?
– Understand the situation
– Know several theories of ethical reasoning
– List the ethical principles involved
– Determine which principles outweigh the others
• First and third are key
• Easy to go off at half cock
Ethical Principles--Examples
• Teleology
– Focus on consequences
– Egoism: benefits to person taking the action
– Utilitarianism: benefits to entire world
• Deontology
– Focus on sense of duty
– Some things are just intrinsically good
– Rule-deontology
– Act-deontology situation ethics
Some Values Issues
• Ownership of resources
• Effect on others
• Universalism principle
• Possibility of detection, punishment
• Other issues?
• Which are more important than others?
Some Principles Involved
• Job responsibility
• Use
• Possible misuse
• Confidentiality
• Tacit permission
• Propriety
• Law
General Moral Imperatives (ACM Code of Ethics and Professional Conduct)
• Contribute to society and human well-being
• Avoid harm to others
• Be honest and trustworthy
• Be fair and take action not to discriminate
• Honor property rights including copyrights and patents
• Give proper credit for intellectual property
• Respect the privacy of others
• Honor confidentiality
The “P” Word
• Can or should you have an ethics policy?
• Why or why not?
• Are you aware of organizations that do have ethics policies?
Ethics Case 1
Donald works for the county health department as a computer records clerk, where he has access to files of patient records. For a scientific study, a researcher -- Ethel -- has been granted access to the medical portion, but not the corresponding names, of some records.
Ethel finds some information that she would like to use, but she needs the names and addresses in order to contact these people for more information and for permission to do further study.
Should Donald give Ethel the names and addresses?
Ethics Case 2
The school computer center
Intrusion Detection
What Is It? How Does It Work?
What is Intrusion Detection?
• Process
• Identify and respond to malicious activity
• Targeted at
– Computing resources
– Networking resources
Edward Amoroso
Process
• Technology
• People
• Tools
• Much interaction among these
• Not amenable to “black-box” solutions
Identify
• Before
• During
• After
Respond
• Must first identify
• Nature
• Automatic
– Liability--civil and criminal
– Casus belli if government?
Malicious Activity
• Actions by those who intend harm
– Includes so-called “innocent” intrusions
– Malicious may be in the eye of the beholder
• What about low-probability vulnerabilities?
– Don’t worry about them
– Worry, but give very low probability
– What if the intruder can establish the conditions that enable these vulnerabilities?
IDS Methods
• Audit trail processing
• Normal behavior profiling
• Abnormal behavior signatures
• Parameter pattern matching
• Neural network and other approaches to inferring abnormal behavior
IDS Organization
• Sensor
• System management
• Processing engine and algorithms
• Knowledge base(s)
• Auditing
• Alarms
• User interface
What is an Intrusion?
• Becomes a philosophical question
• Intrusions = attacks ?
• Stanley’s working definition:
– An intrusion is any entry or attempted entry into a protected network that is unplanned, unauthorized, or which exceeds the authorization granted to the perpetrator of the entry, even if the entry is without conscious malicious intent.
How Can Perpetrators Hide?
• We have spent the entire semester dealing with aspects of this question
• In-band techniques
• Out-of-band techniques
• Anonymity muddies authentication
IDS Information Correlation
• Single vs. multiple session
• Real time vs. after the fact
• In-band vs. all-band
• The basic problem of intelligence analysis obtains:
– Is this a new tank that is being reported by the soldier in his foxhole, or is he seeing the same tank that I already know about?
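The "same tank" question above is, for an IDS, alert de-duplication across sensors and sessions. The following is an added example, not part of the original slides: a small correlator that merges reports sharing source, target and signature within a time window, then groups the resulting incidents by source for the multiple-session view. The window length, field names, sensor names and sample alerts are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field

WINDOW_SECONDS = 60  # assumed correlation window; tune per network


@dataclass
class Incident:
    src: str
    dst: str
    signature: str
    first_seen: int
    last_seen: int
    sensors: set = field(default_factory=set)
    reports: int = 0


def correlate(alerts, window=WINDOW_SECONDS):
    """Fold raw sensor alerts into incidents (single-session view).

    An alert joins an open incident when it has the same
    (src, dst, signature) and arrives within `window` seconds of that
    incident's latest report: the "same tank". Otherwise it opens a
    new incident: a "new tank".
    """
    open_incidents = {}   # (src, dst, signature) -> most recent incident
    incidents = []
    for ts, sensor, src, dst, sig in sorted(alerts):  # process in time order
        key = (src, dst, sig)
        inc = open_incidents.get(key)
        if inc is None or ts - inc.last_seen > window:
            inc = Incident(src, dst, sig, first_seen=ts, last_seen=ts)
            open_incidents[key] = inc
            incidents.append(inc)
        inc.last_seen = ts
        inc.sensors.add(sensor)
        inc.reports += 1
    return incidents


def by_source(incidents):
    """Multiple-session view: every incident attributed to one source."""
    grouped = defaultdict(list)
    for inc in incidents:
        grouped[inc.src].append(inc)
    return dict(grouped)


# Constructed sample alerts: (epoch seconds, sensor, src, dst, signature).
# Addresses come from documentation ranges; sensor names are hypothetical.
SAMPLE_ALERTS = [
    (1000, "dmz-sensor", "192.0.2.10", "10.0.0.5", "port-scan"),
    (1002, "core-sensor", "192.0.2.10", "10.0.0.5", "port-scan"),
    (1030, "dmz-sensor", "192.0.2.10", "10.0.0.5", "port-scan"),
    (1040, "dmz-sensor", "192.0.2.10", "10.0.0.7", "port-scan"),
    (5000, "core-sensor", "192.0.2.10", "10.0.0.5", "port-scan"),
    (1005, "host-audit", "198.51.100.4", "10.0.0.5", "failed-login"),
]

if __name__ == "__main__":
    found = correlate(SAMPLE_ALERTS)
    for inc in found:
        print(inc.first_seen, inc.src, "->", inc.dst, inc.signature,
              f"reports={inc.reports}", sorted(inc.sensors))
    for src, incs in by_source(found).items():
        print(src, "incidents:", len(incs))
```

Six raw alerts collapse to four incidents: two sensors reporting one scan become a single incident, while the same scan reappearing long after the window counts as a new one.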
Intruder Trapping
• Not a major topic of IDS research
• Problematic
– Can trap suspicious users in a dedicated system
– What if you are wrong?
• Liability?
• Bad press?
– Worse problem: often, the signature of your best customers and the signature of intruders are frighteningly similar
Incident response
• Critical assets involved?
• Has this happened before?
• Is it still happening?
• Damage, compromise, or DoS?
• Laws broken?
• Policies violated?
• Should we break the connection?
• Any traps available?
• Should we involve law enforcement?
Some IDS Thoughts
• This is still an immature area
• Technology cannot solve all problems
• People have problems, too
– e.g. humans found only about 1.4% of entries in audit logs that represented intrusions
– People’s loyalties are mobile
• Beware automated responses
Some IDS’s Out There
• Black Ice Defender (www.networkice.com)
• CyberCop (www.cybercop.co.uk)
• Emerald (www.sdl.sri.com/projects/emerald/index.html)
• NetRanger (www.cisco.com/univercd/cc/td/doc/product/iaabu/netrangr/)
• RealSecure (www.hallogram.com/realsecure/)
Summary
• Legalities involve much more than what is illegal
• Often, your largest concern is for liability and how to limit it.
• Intrusion detection is a process, not a product, and it is still immature
• We have only scratched the network security surface, as weekly reviews show
Th…th…that’s all, folks!
Any questions on the overall course?
Exam Overview
• Roughly 1 1/2 hours long
• Please be on time; it is your time you waste
• Essay-type exam, involving application of what you have learned (homework is a good example)
• Open book and notes
• Please bring pen and/or pencil, and paper on which to write. A paperclip is also helpful.
• Any other questions?