Next: Information Dissemination Up: Trends for the Previous: Internal Threats

Connectivity

Connectivity allows the hacker unlimited, virtually untraceable access to computer systems. Registering a network host is akin to listing the system's modem phone numbers in the telephone directory. No one should do that without securing their modem lines (with dial-back modems or encryption units). Yet, most network hosts take no special security precautions for network access. They do not attempt to detect spoofing of systems; they do not limit the hosts that may access specific services.

A number of partial solutions to network security problems do exist. Examples include Kerberos, Secure NFS [GS91], RFC 931 authentication tools [Joh85] and "tcp wrapper" programs (access controls for network services with host granularity). However, these tools are not widely used because they are partial solutions or because they severely reduce functionality.
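As an added illustration that is not part of the original paper, the following simplified model shows the host-granularity check a "tcp wrapper" program performs: rules are consulted in hosts.allow first, then hosts.deny, and a request matching neither is granted. The rule files, host names and addresses are constructed samples, and the function names are my own rather than the tcp_wrappers library's.

```python
import ipaddress
# Constructed sample rule files in the classic tcp_wrappers "daemons : clients" form:
# the admin subnet and the ops domain may reach ftp/telnet, ssh is open to all,
# and everything else is refused.
HOSTS_ALLOW = """
ftpd, telnetd : 192.168.10.0/255.255.255.0, .ops.example.gov
sshd : ALL
"""
HOSTS_DENY = "ALL : ALL\n"

def _split_list(text):
    return [item.strip() for item in text.split(",") if item.strip()]

def parse_rules(text):
    """Turn 'daemons : clients' lines into (daemon_list, client_list) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if line:
            daemons, clients = line.split(":", 1)
            rules.append((_split_list(daemons), _split_list(clients)))
    return rules

def client_matches(pattern, host, addr):
    """Match one client pattern against the peer's resolved name and address."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):   # domain suffix, e.g. ".ops.example.gov"
        return host.endswith(pattern)
    if "/" in pattern:            # net/mask, e.g. 192.168.10.0/255.255.255.0
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    if pattern.endswith("."):     # address prefix, e.g. "192.168."
        return addr.startswith(pattern)
    return pattern in (host, addr)  # exact host name or address
def rule_matches(rule, daemon, host, addr):
    daemons, clients = rule
    return ("ALL" in daemons or daemon in daemons) and any(
        client_matches(p, host, addr) for p in clients)

def hosts_access(daemon, host, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """tcp_wrappers order: a hosts.allow match grants, then a hosts.deny match
    refuses, and a request matching neither file is granted. The decision trusts
    the peer address and resolver name it is handed, so it cannot detect a spoofed
    source, which is the limitation the section notes."""
    if any(rule_matches(r, daemon, host, addr) for r in parse_rules(allow)):
        return True
    if any(rule_matches(r, daemon, host, addr) for r in parse_rules(deny)):
        return False
    return True
```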

New solutions for organizations are becoming available, such as the Distributed Intrusion Detection System (DIDS) [L+92] or filtering network gateways. DIDS monitors activities on a subnet. The filtering gateways are designed to enforce an organization's network policy at the interface to the outside network. Such solutions may allow the organization to enjoy most (if not all) of the benefits of network access but limit the hackers' access.


konczal@csrc.ncsl.nist.gov
Thu Mar 10 15:32:44 EST 1994