(nếu bộ cảm biến ở phía trước của tường lửa) hoặc các biện pháp thành công của chúng tôi trong các cuộc tấn công cản trở theo chính sách (nếu được đặt phía sau tường lửa). Các tường lửa được rất linh hoạt và có thể xuất hiện như bất kỳ của bốn mô hình kênh được giới thiệu trong chương 4, "Mô hình Kiến trúc trong an ninh." | Building Business Cases for Security 403 pany classifies the successful exploits as outside your coverage after the attack you are out of luck. Fourthly there is also the risk of moral hazard. Insurance encourages risk-taking which is essential for economic progress. Insurance can also result in fraud however. Auto insurance companies in many states complain that the primary cause of rising auto insurance rates is fraud. Medical insurers similarly blame a portion of the rise in health care costs on excessive fraudulent claims filed by organized gangs that collude with medical service providers to swindle the company out of enormous amounts of money. Companies that buy computer hacker insurance policies must not be able to exploit that insurance policy to defraud the insurer. This task is extremely difficult. Security forensics is hard enough in genuine cases of intrusion let alone cases where the insured is an accomplice of the hacker and to the intrusion act. Finally insurance works when the individual claims filed are probabilistically independent events. The likelihood of my house burning down at the same instant that your house burns down is small if we live in different cities but much larger if we are neighbors. The Internet and all of the networks we build that connect to it break down the boundaries between systems. The networks we depend on for services also link us together across geographic boundaries to make us neighbors when attacked. One e-mail virus spawns 50 each of which spawn 50 more affecting all the mail users in a corporation all their friends on mailing lists all their corporate partners and all customers. We depend on critical services. If a hacker launches a distributed DOS attack at something universally needed such as a DNS can all the affected systems file claims or only the owners of the DNS server If Yahoo goes down who can file a claim Is it only the company Yahoo Incorporated Can Yahoo users file claims Can Yahoo advertisers file .