1.  Excessive Reporting and False Positives

An improperly configured Intrusion Detection System (IDS) may generate significant number of false positives that overwhelm universities' IT security resources and obscure valid hits. Over-monitoring of data volume or keywords / data patterns can easily exhaust limited resources and result in delay or even interruption to service provision.

2.  Improperly Configured Security Infrastructure

When a security infrastructure is not able to handle the amount of network traffic, due to either insufficient consideration of traffic volume during the design stage or increased network traffic over time, some network packets may be missed or dropped, allowing certain data to pass uninspected. It may render hacking protection ineffective when unauthorised transmission of sensitive data to external parties is ignored.

3.  Conflicts with System Performance and Operations

Hacking protections, especially intrusion detection systems, can cause compatibility issues when conflicting with other systems and software. For example, some application software cannot run properly on encrypted hard drive. Applications errors or performance degradation are two common results of such conflicts. In worst case, the compatibility issues may cause the abnormal termination of other security controls and expose universities' information system to even great risks.

4.  Over Protection against Hacking

Universities must pay extra attention to strike a balance between risk of exploitation and operational level. Otherwise, inadequately tuned security infrastructure may cause disruption of universities' operation, waste of staff or students' time, damage to relationship with external parties such as contractors and the public. E.g. blocking employees sending sensitive data to authorised external parties; disrupting normal e-mail services used by universities.

Reference:
JUCC IT newsletter Issue #5 - Data Leakage Protection
http://www.eccouncil.org/CEH.htm

[Previous section][Next section]