Hackers enter networks undetected in many different ways. Organizations often spend a lot of time and effort guarding against outside attackers, while insiders may pose a bigger risk. If IDSes and controls focus on outsiders, insiders may be able to exceed their access level and remain undetected. Even if an attack originates from the outside, it may go unnoticed. Many security administrators are so overworked that they may not be able to perform an in-depth analysis of their IDS logs. If the IDS isn't properly tuned, false positives can occur, and security administrators may miss an actual hacking attempt. An example of this is the PBS report concerning Moonlight Maze. These hacks and probes of computer systems at the Pentagon, NASA, the Energy Department, private universities and research labs began in March 1998 and had been going on for nearly two years before being discovered.
This was first published in September 2005