Snort 2.1 Intrusion Detection, Second Edition

It's 9:30 a.m., and Bob Sysadmin has just walked out of his boss's office, shaking his head ruefully. When he arrived at work that morning, it was to face an angry Web development team whose beautiful and elegantly designed index page had been replaced with the crude legend, "Y0U H4\ /3 B33N 0WN3D BY AG3NT D3L3T3! l@m3 security, d00d. greetz to m4g3, p1><1e, and the V0R!" Bob was initially shocked, and then profusely apologetic. Dialing up his boss on the cell phone, he ran for the server room to yank out the Ethernet cable of the compromised machine and get the computer emergency response team involved. Perhaps now, he thought grimly, his budget request for an Intrusion Detection System (IDS) wouldn't seem so unnecessary.
Bob's meeting with his boss was somewhat rocky. Fortunately, Bob was able to calmly counter the angry management "How did this happen? Someone's head is going to roll!" bluster with a clear explanation of the weaknesses in their network defenses, and the budgetary and managerial reasons why they hadn't been strengthened. He pointed out their staffing shortages, the lack of defense in depth, and the critical lack of information about ongoing attacks. Although the meeting started badly, by the end of it, Bob's boss was asking thoughtful questions and framing a productive response to the compromise. Bob began to hope that, with management support, he might be able to make a real difference in his company's network security.
It's 9:30 a.m., and across...