Protect Your Information with Intrusion Detection (Power)

The Information System (IS) of any company (financial, insurance, trade, etc.) or organization comprises the components intended to solve specific problems. In most cases, a typical IS comprising two or more hosts includes the following four levels (Fig. 1.2):

• The application software level. This level is responsible for interface with the user. Examples of IS elements working at this level include Microsoft Word for Windows, Microsoft Excel, Outlook Express, MS Query, and so on.

• The Database Management System (DBMS) level. This level is responsible for IS data storage and processing. Examples of the software running at this level include Oracle DBMS Server, MS SQL Server, Sybase and MS Access.

• The operating system level. Software at this level serves database management systems and application software. Examples of the elements of this level are Microsoft Windows NT/2000, Sun Solaris, Novell NetWare, and so on.

• The network level, responsible for connection between the hosts of the IS. Typical elements of this level are modules interacting according to network protocols such as TCP/IP, IPX/SPX, or SMB/NetBIOS.

Fig. 1.2. Levels of the Information System (IS)

Intruders have the widest range of capabilities at their disposal to violate the security policy at each of the above-listed levels of the IS. For example, to get unauthorized access to financial information stored in one of the MS SQL Server databases, the intruder may try to implement one of the following attacks:

• Read database records using SQL queries via MS Query or MS Excel that enable you to access database records (application software level)

• Read required data using the DBMS itself (DBMS level)

• Read database files using the file system tools (OS level)

• Intercept data transmitted via network (network level)