Dealing with Insider Threats

• Detection: use intrusion detection systems; however, they are not perfect (high false positives rate).

• Prevention: use access control, firewalls, proactive security; but vulnerabilities still exist (OS bugs, buffer overflow, cover channels, etc).

• Mitigation (tolerate/cope): use mechanisms that provide service to correct participants while under attack, even if several participants are compromised.

• The above methods do not exclude each other.

Previous slide

Next slide

Back to first slide

View graphic version