credit card to an internet identity. Their intent is to facilitate the transfer of funds
between parties conducting business online. The “PayPal” online payment system
is an example. The virtual browser can be used to create an automated payment
system. With an appropriately constructed virtual browser, traffic generated by
these synthetic users is again indistinguishable from human users. The virtual
browser, combined with proxy/relay intermediates that give the appearance of
multiple, legitimate, synthetic users, can literally create, manage and pay for items
that do not even need to exist.
6. Visibility and scopes. Sensors are limited in their visibility. Businesses that provide
web services such as email, payment and auction have severely limited abilities to
detect their users' participation in such illegal activities because their ability to
observe is confined to their own domains. This constraint holds true in
both computing and business contexts. Not having the sensors in the right place or
not sampling data at the right time within an on-line business transaction system
guarantees that unusual behavior will go undetected. In fact, improper placement of
sensors can convey the false impression that everything is normal and “safe”.
7. Wrong sensors. Sensors and security applications are at the wrong level of
abstraction. As the case clearly illustrated, neither today's network-based
IDS nor today's host-based IDS can be of much value in this kind of real-life
transaction-level intrusion. Sensors suitable for the platforms (network and host-
based IDS) are not necessarily appropriate for detection at the application and
transaction levels. What is not observed can never be seen.
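As an added illustration of item 7 (not from the original text), the following transaction-level sensor runs over constructed records and flags groups of accounts that trade only among themselves, a pattern that packet-level and host-level IDS have no view of. The record layout, the thresholds and the `closed_rings` heuristic are assumptions made for this example.

```python
from collections import defaultdict

# Constructed sample records (buyer, seller, item_id, amount); not from the text.
TRANSACTIONS = [
    ("u1", "u2", "i1", 40.0), ("u2", "u3", "i2", 40.0),
    ("u3", "u1", "i3", 40.0), ("u1", "u3", "i4", 35.0),
    ("alice", "shopA", "i5", 12.5), ("bob", "shopA", "i6", 80.0),
    ("bob", "shopB", "i7", 15.0), ("carol", "shopB", "i8", 22.0),
]

def closed_rings(txns, min_txns=3, min_two_sided=1.0):
    """Return account groups that trade only among themselves and in which
    at least `min_two_sided` of the members act as both buyer and seller."""
    parent = {}

    def find(a):
        # Union-find lookup with path halving.
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]
            a = parent[a]
        return a

    buyers, sellers = set(), set()
    for buyer, seller, _item, _amount in txns:
        parent[find(buyer)] = find(seller)  # same trading component
        buyers.add(buyer)
        sellers.add(seller)

    members, counts = defaultdict(set), defaultdict(int)
    for buyer, seller, _item, _amount in txns:
        root = find(buyer)
        members[root].update((buyer, seller))
        counts[root] += 1

    flagged = []
    for root, accts in members.items():
        # Ordinary marketplaces are mostly one-sided: buyers rarely sell.
        two_sided = sum(1 for a in accts if a in buyers and a in sellers)
        if counts[root] >= min_txns and two_sided / len(accts) >= min_two_sided:
            flagged.append(frozenset(accts))
    return flagged

if __name__ == "__main__":
    for ring in closed_rings(TRANSACTIONS):
        print("closed trading ring:", sorted(ring))
```

Each record in the flagged group is an unremarkable purchase on its own; the signal exists only when the sensor sits where whole transactions, rather than packets or system calls, can be observed.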
6 The Future Beyond the IA Corner Stones
The 21st-century business paradigm shift presents additional and unique challenges beyond
traditional security areas. This complexity arises from the increasingly frequent,
dynamic and finer-grained interactions between collaboration partner
users and often distributed, diversely owned data. Such intensive interaction is a
vital function for the modern virtual enterprise. Legacy IA falls short in addressing
this critical issue.
6.1 Multiple Authorization Requirement Sets
Take a large multi-national virtual enterprise as an example. To effectively
perform collaborative engineering, design, manufacturing or even coalition warfare
operations, partners need to access and share valuable assets on a very frequent basis.
The business logic of who can access what, at what time, under what conditions, is
very complex. The logic could contain export control regulations from multiple
countries. It could also contain business contracts between any partnership
arrangements within this virtual enterprise. Moreover, each partner likely also has
internal operating processes and standards that dictate additional protections and
disclosures. For all of them to be enforced appropriately, the security mechanisms
(e.g. access control list, user group setting, and access matrix) buried deep within the
end environments (e.g. file-system, database) must be correctly configured. This is no