Introduction

As organizations have migrated most of their key information and business resources to the Internet, network administrators have been charged with the task of connecting mutually distrustful organizations and people without the benefits of centralized management. This is one factor that has led to exposure of sensitive corporate information. There are many examples of theft of credit card databases, customer lists, and other intellectual property in the media today. Remote workers typically access their entire corporate network from the comfort of their home offices. Unfortunately, however, attackers do, too.

The amount of traffic posted to vulnerability mailing lists such as Bugtraq has exploded over the past several years. The amount of information on network vulnerabilities is so pervasive that companies such as SecurityFocus (Symantec) and Ernst & Young commercially sell subscriptions to vulnerability digests, automatically tailored to a company s profile of operating systems and network hardware. Clearly, security is at the forefront of everyone s mind.

And yet, information theft continues to occur.

The Internet evolved in a world without predators. In the recent past denial-of-service attacks were viewed as illogical and undamaging. The Internet today is hostile, and it takes only a tiny percentage of miscreants to do a lot of damage. Causing damage doesn t even require particularly advanced skills anymore, as automated tools abound in the public domain. And organizations are becoming dependent on the Internet for reliability.