Auditing and Intrusion Detection
This chapter examines this relatively new field in computer security and explores several current systems to see how intrusive activity can be detected. Intrusion Detection Systems (IDS) can be designed to detect both attempted break-ins by outsiders and unauthorized activity performed by insiders. An IDS often attempts to discover hidden activity, and a final activity an IDS looks for is a denial-of-service attack. An IDS can use one of several methods to perform its assigned detection activities. The basic premise behind user profiling is that the identity of any specific user can be described by a profile of commonly performed actions. The idea behind intruder profiling is similar to the profiles law enforcement uses to describe certain types of criminals. The Cooperating Security Manager (CSM) is an intrusion detection system designed to be used in a distributed network environment. An issue that remains is the legality of monitoring the actions of users on computer systems.