Who is an intruder?

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Peter G. Neumann: "Re: Who is an intruder?"
• Previous message: Jennifer Myers: "WWW list archive (was Re: FAQ)"

Hello All

Before you can do looking for an "Intruder" you need to have
an idea of what and intruder is.

The most common definition I have seen is that of "some entity"
accessing/using a system beyond their authority.

Once you find an "Intruder" you need to know what to do with
them.

Two choices 1) Get rid of them quick smart. 2) Monitor and persue.

A usage policy which defines authority is (almost) mandatory.
Without such a policy you are up a creek.

Any thoughts on this as these point have a severe impact on the
actions an Admin takes, the tools they run and User expectations of the
system.

Could it be that the most powerful tool an Admin has is the policy document?

regards

Andrew

For further reading see RFC1244

Part time admin of various Unix systems and support person for
MANY Macs and PCs at my site.

PS If this message is not appropriate then throw it away...:-)

---------------------------------------------------------------------------
 Andrew PRUSEK                            Phone +61 86 40 4590
 BHP Information Technology               Fax   +61 86 40 4720
 PO Box 21 / Port Augusta Road            Email andrewp@itwhy.bhp.com.au
 Whyalla SA 5600
 Australia                            Disclaimer: My opinions are my own.

• Next message: Peter G. Neumann: "Re: Who is an intruder?"
• Previous message: Jennifer Myers: "WWW list archive (was Re: FAQ)"