Communications of the ACM
Communications of the ACM
Firewalls and Internet security: repelling the wily hacker
Firewalls and Internet security: repelling the wily hacker
Representing and Parameterizing Agent Behaviors
CA '02 Proceedings of the Computer Animation
Automated Generation and Analysis of Attack Graphs
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
ETP '03 Proceedings of the 2003 ACM SIGMM workshop on Experiential telepresence
Secure program execution via dynamic information flow tracking
ASPLOS XI Proceedings of the 11th international conference on Architectural support for programming languages and operating systems
Towards an Approach for Automatically Repairing Compromised Network Systems
NCA '04 Proceedings of the Network Computing and Applications, Third IEEE International Symposium
ReVirt: enabling intrusion analysis through virtual-machine logging and replay
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
A scalable approach to attack graph generation
Proceedings of the 13th ACM conference on Computer and communications security
Address obfuscation: an efficient approach to combat a board range of memory error exploits
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Improving host security with system call policies
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Predicting vulnerable software components
Proceedings of the 14th ACM conference on Computer and communications security
Searching for the Right Fit: Balancing IT Security Management Model Trade-Offs
IEEE Internet Computing
NSPW '07 Proceedings of the 2007 Workshop on New Security Paradigms
Analyzing intensive intrusion alerts via correlation
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Displays in the wild: understanding the dynamics and evolution of a display ecology
PERVASIVE'06 Proceedings of the 4th international conference on Pervasive Computing
Using active intrusion detection to recover network trust
LISA'11 Proceedings of the 25th international conference on Large Installation System Administration
| Hi-index | 0.00 |
One of the most significant unsolved problems for network managers and system administrators is how to repair a network infrastructure after discovering evidence of an extensive compromise. The technical issues are compounded by a breathtaking variety of human factors. We present a study of three significant compromises of a medium-scale network infrastructure. We do so as a way to expose the difficulties -- both technical and human -- inherent in intrusion recovery. Most network users take a "secure" network infrastructure for granted. Real events show that this level of faith is unwarranted, as is the belief that intrusions are or can be completely repaired, especially in the absence of research on network recovery mechanisms that explicitly take the needs of support staff into account. We conclude with lessons learned and some detailed suggestions for tools that can help bridge this gap.