Network Intrusion Detection

Securing an organization’s digital assets and information at the perimeter

I started out my technology career in a manner similar to many others in the industry, by supporting the network and systems of a small Midwestern company. My main task was to simply keep the network up and running so people could access files and print reports. Security was not really a consideration, as only two or three people had Internet access, and I had not yet learned that even dial-up access can provide a security risk to a business.
As the company grew, an always-on Internet connection was added to the network so that all users could conduct research and use e-mail. This dedicated Internet connection was not initially protected by a firewall. Several months passed before the ownership of the company was convinced that spending several thousand dollars on a firewall appliance was truly necessary. Within an hour of the installation of the firewall, I identified traffic from an IP address that was identified as being registered to the Ministry of Education, Republic of Taiwan. I also identified traffic from India, Brazil and Texas. I was astonished! I fell victim to a common network security misconception — we are a small business and nobody is interested in our data or our systems. But in reality, any computer connected to the Internet is vulnerable.

An unprotected system can be used in several ways:
• An attacker can look around to see if there is anything of interest to collect, such as credit card numbers, social security numbers and other personal information.
• An intruder can store stolen materials, such as child pornography, copyrighted materials (music and movies) or credit card numbers.
• Someone wishing to distribute malicious software can use a compromised system to automatically distribute malware. Or the system can be configured to operate as a “bot” — a system that can be controlled remotely to distribute software or launch “attacks” on other systems.

Often, an attacker can perform one or more of the activities listed above, as demonstrated by the 2003 breach of the computers in the international students office at the University of Kansas, where a hacker stole personal information for more than 1,400 foreign students. In addition, “the university’s investigation revealed that the hacker apparently intruded five times into the university’s computer systems…The other attacks used the university’s machines to illegally download and install copyrighted moves and pornography,” according to The Chronicle of Higher Education (Jan. 2003).

This content continues onto the next page...