Even if the access control rules are correctly set, it is possible to abide by these constraints yet still hack a system and gain complete control. The net result is that access control is not sufficient for securing your environment. A few years ago, it was not hard to find people who would argue that preventative access control techniques were enough to block attacks. Now, awareness of the importance of monitoring and intrusion detection is slowly creeping into the marketplace.
One weakness of SeOS is that it does not regulate access to traditional IPC constructs, such as semaphores, message queues, or shared memory. No audit trail events are emitted by SeOS for these resources. Not many hack attacks are launched from IPC components, but it will not be long before weaknesses in IPC security result in system compromises. If you're using an IDS, you have a higher chance of catching hacks if they occur at this low level in the system.
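Because SeOS emits no audit events for System V IPC, a site has to supply its own monitoring for those objects. The following is an added example, not code from SeOS or from this book: it reads the Linux `/proc/sysvipc/{shm,sem,msg}` table layout (a header line followed by one row per object, with the `perms` column printed in octal) and reports every shared-memory segment, semaphore set or message queue that group or world can write, so an IDS or periodic audit job can pick the gap up. The sample tables embedded below are constructed for the example, not captured from a real host.

```python
"""Compensating check for System V IPC objects (shared memory, semaphores,
message queues), which SeOS neither regulates nor audits.

Reads the /proc/sysvipc/{shm,sem,msg} table layout used on Linux: a header
line, then one row per object, with the perms column printed in octal.  Any
object that group or world can write is reported.  Added example, not SeOS
code; the sample tables are constructed, not captured from a real host.
"""
from pathlib import Path

ID_COLUMNS = ("shmid", "semid", "msqid")  # identifier column differs per table

# Constructed sample in /proc/sysvipc/shm layout (keys, uids, sizes invented).
SAMPLE_SHM = """\
       key      shmid perms       size  cpid  lpid nattch   uid   gid  cuid  cgid      atime      dtime      ctime                   rss                  swap
         0          0   600    1048576  1234  1234      1  1000  1000  1000  1000 1700000000 1700000000 1700000000              1048576                    0
1234567890      32769   666      65536  2345  2346      2     0     0     0     0 1700000001          0 1700000001                65536                    0
"""

# Constructed sample in /proc/sysvipc/sem layout.
SAMPLE_SEM = """\
       key      semid perms      nsems   uid   gid  cuid  cgid      otime      ctime
 305419896      98304   620          4     0    10     0    10 1700000002 1700000002
"""


def parse_sysvipc(text):
    """Return (header, rows); each row maps column name -> string value."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines:
        return [], []
    header = lines[0].split()
    rows = []
    for ln in lines[1:]:
        fields = ln.split()
        if len(fields) != len(header):
            continue  # skip a malformed row rather than misalign the columns
        rows.append(dict(zip(header, fields)))
    return header, rows


def find_permissive(text, kind):
    """Flag IPC objects in one table whose mode allows group or world write."""
    header, rows = parse_sysvipc(text)
    id_col = next((c for c in ID_COLUMNS if c in header), None)
    findings = []
    for row in rows:
        mode = int(row["perms"], 8) & 0o777  # drop flag bits such as SHM_DEST
        if mode & 0o002:
            reason = "world-writable"
        elif mode & 0o020:
            reason = "group-writable"
        else:
            continue
        findings.append({
            "kind": kind,
            "id": int(row[id_col]) if id_col else None,
            "key": int(row["key"]),
            "uid": int(row["uid"]),
            "gid": int(row["gid"]),
            "mode": f"{mode:04o}",
            "reason": reason,
        })
    return findings


def audit_live_host(root="/proc/sysvipc"):
    """Run the same check against a live Linux host; missing tables are skipped."""
    results = []
    for kind in ("shm", "sem", "msg"):
        table = Path(root) / kind
        if table.exists():
            results.extend(find_permissive(table.read_text(), kind))
    return results


if __name__ == "__main__":
    for f in find_permissive(SAMPLE_SHM, "shm") + find_permissive(SAMPLE_SEM, "sem"):
        print(f"{f['kind']} id={f['id']} key={f['key']:#x} uid={f['uid']} "
              f"gid={f['gid']} mode={f['mode']}: {f['reason']}")
```

Run against the samples, the root-owned segment with mode 0666 and the group-writable semaphore set are reported while the 0600 segment is not; `audit_live_host()` applies the same rule to a real `/proc/sysvipc`. A world-writable object owned by uid 0 is the case worth alerting on first, since any local user can then alter data a privileged process trusts, which is exactly the kind of access an access-control product that ignores IPC will never log.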
Although it is not a weakness of SeOS, a computer with only SeOS can still be hacked when someone accesses a resource that is not managed by the SeOS reference monitor. How is this possible? Because SeOS is an access control environment that requires the administrator to specify access rules, administrators may make mistakes. Also, an administrator may not put all system resources under the control of SeOS. Not all buffer overflow attacks will be intercepted by access rules in SeOS. Thus, although SeOS significantly improves the access control security for most systems, it must be complemented with monitoring products.
As noted before, it is extremely important that you monitor your system's activities to fine-tune both your I&A and access control configurations. In the next chapter, you will see how these same issues affect network security. Both I&A and access control for networks will be described. Adding a firewall to better control your site security will definitely increase your perimeter security. However, you will see that intrusion detection is still required because firewalls and other network security mechanisms do not completely eliminate successful hacker attacks.