The greatest threat is the problem of insiders who misuse their privileges for malicious purposes. Private information is now often leaked because of increased IT outsourcing, administrators' moral problems, multiple root accounts, root accounts shared by many users, and similar factors. Accordingly, organizations have employed insider attack detection systems to protect their critical information from break-ins by insiders and hackers. In this paper, we developed an integrated insider attack detection system composed of a minimized hardware appliance and a software package that uses TCP tunneling and intelligent packet filtering. It can be configured as a gateway between users and legacy servers in order to protect the important internal information held on those servers. It can control the access of users connected to the servers by Telnet or FTP, using intelligent packet filtering to block the theft of confidential information. It should also provide an audit, using packet logging on the legacy servers.