Abstract
During last decade the number of successful intruder attacks has increased in many times. The damage caused by these attacks is estimated in hundreds millions of dollars. Insiders have a significant advantage over others who might want to harm an organization. Insiders can bypass physical and technical security measures designed to prevent unauthorized access. Mechanisms such as firewalls, intrusion detection systems, and electronic building access systems are implemented primarily to defend against external cyber threats. In spite of the complexity the problem, insiders can be stopped by means of a layered defense strategy consisting of policies, procedures, and technical controls. The paper describes a threat model of insider attacks and modern technologies that allow to protect computer systems against insiders. The paper covers advantages and disadvantages of different approaches that are used nowadays for detection and prevention of insider attacks.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Alberts, C., Audrey, D., Zajicek, M.: Defining Incident Management Processes for CSIRTs (CMU/SEI-2004-015). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University (2004)
Avdoshin, S., Serdiouk, V.: Some approaches to information security of communication networks. Slovenia, Informatica 26, 1–10 (2002)
Cappelli, D., Moore, A., Shimeall, T., Trzeciak, R.: Common Sense Guide to Prevention and Detection of Insider Threats. Carnegie Mellon University (2006)
CERT. Survivability and Information Assurance Curriculum (SIA), 2006 (2006), http://www.cert.org/sia
Serdiouk, V.: Behavior-based model of detection and prevention of intrusions in computer networks. In: Gorodetsky, V., Kotenko, I., Skormin, V.A. (eds.) MMM-ACNS 2005. LNCS, vol. 3685, Springer, Heidelberg (2005)
Serdiouk, V.: Technologies for the protection against information leakage. Vek kachestva 3, 62–67 (2005)
Yachin, D.: InfoWatch: A Multilayered Approach for Information Leakage Detection and Prevention. IDC Whitepaper (2005)
Gordon, L., Loeb, M., Lucyshyn, W., Richardson, R.: CSI/FBI Computer Crime and Security Survey, Computer Security Institute (2006)
Ramkumar, C., Anusha, I., Hung, N., Shambhu, U.: A Target-Centric Formal Model For Insider Threat, Department of Computer Science and Engineering State University of New York at Buffalo Buffalo, NY 14260 (2003)
Anderson, R., Bozek, T., Longstaff, T., Meitzler, W., Skroch, M., Wyk, R.: Research on Mitigating the Insider Threat to Information Systems. In: Proceedings of a Workshop Held (2000)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Serdiouk, V. (2007). Technologies for Protection Against Insider Attacks on Computer Systems. In: Gorodetsky, V., Kotenko, I., Skormin, V.A. (eds) Computer Network Security. MMM-ACNS 2007. Communications in Computer and Information Science, vol 1. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73986-9_6
Download citation
DOI: https://doi.org/10.1007/978-3-540-73986-9_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-73985-2
Online ISBN: 978-3-540-73986-9
eBook Packages: Computer ScienceComputer Science (R0)