TABLE OF CONTENTS Increasingly, crime, as we have said, is digital in nature: burglary, destruction, and thefts are perpetrated via remote system break-ins by computer hackers. Unlike the burglar of a building, cybercriminals will enter through a network port using a variety of utilities and tools for the purpose of obtaining the secret passwords and privileges designed to protect a system, so that they can destroy or steal digital property. In this chapter we will concentrate on the detection of computer system intrusions, which, in our prevailing networked environment, are becoming more common, leading to spiraling costs and massive destruction.
Of 500 organizations that responded to a recent computer crime and security survey conducted by the Computer Security Institute and the FBI, 90% detected an intrusion to their systems. The average loss due to a cybercrime is $6.6 million, up from $954,700 just five years ago. The most damaging attacks are targeted intrusions involving theft and financial fraud. Worms and viruses can also cause worldwide economic damage. Some worms, such as Code Red, enable intrusions, which can run into the billions of dollars in costs for government and corporate networks.
An intrusion is when a hacker attempts to break into or misuse a computer system, Web site, or network. Yet another way to define an intrusion is any set of actions that attempt to compromise the integrity, confidentiality, or availability of a computer resource. First, we will provide a brief overview on some of the techniques, utilities, and tools most commonly...
