By Topic

Privacy issues in an insecure world

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)
Strayer, W.T. ; BBN Technol., Cambridge, MA, USA

We all have a notion of privacy and understand that we trade some of it away in order to have normal social interactions and communal security. Networked computer systems are no different. The notion of privacy is running squarely against the need for security in an increasingly networked world. Is it possible to have secure systems that honor privacy? There are two basic ways to secure a network: prevent bad things from happening, and watch closely for bad things and prosecute those who commit them. Since our current preventative measures like authentication and authorization seem to be failing to adequately protect the network, we have turned more toward auditing and monitoring-first as a complement, and now increasingly as a substitute-for prevention. I discuss the impact security concerns is having on privacy, and suggest that today's trend of solving security by detecting intrusions through monitoring is a reaction to institutional paranoia as well as woefully inadequate software development processes. I argue that monitoring alone can't provide sufficient protection, and that in fact the trend of relying increasingly on intrusion detection systems tells us that we are really losing ground-not gaining-on providing computer security.

Published in:

Network Computing and Applications, 2003. NCA 2003. Second IEEE International Symposium on

Date of Conference:

16-18 April 2003