ABSTRACT

The role of policy in determining what constitutes an intrusion, and how serious that intrusion is, guides the development of detection, assessment, and prevention mechanisms. These mechanisms rely on the logging mechanisms embedded in the systems on the Internet and in the Internet infrastructure. The logs provide invaluable information for intrusion detection and analysis; indeed, they form the basis for all postmortem analysis. Indirectly, the policy determines what to log, how the desired level of logging impacts system performance, and how to analyze the resulting logs. The critical role of logs in Internet security makes them an important topic for our third section. The fourth section discusses how the policy and these associated mechanisms guide the detection of, assessment of, and recovery from attacks, as well as prevent attacks.