Re: I got an intruder ...

J.R.Valverde (JRVALVERDE@Samba.cnb.uam.es)
Thu, 16 Nov 1995 10:22:55 +0100 (WET) 

>I'm presently working on security policies for a customer,
>they're asking me what to do with intruder ;)
>
>I suggest to find the place where the intruder work, ask the
>company *nicely* to fire the guy, then kill his dog and burn the house :)
>

        All I can say is that doing things blindly is the way stupids work.
I don't say less mentally disabled persons don't or can't do things blindly,
but that is not the way to go.

        Your analysis is very simplistic. Whenever I see such analysis I
always get *very* uneasy and unconfident on the analyst. Things are never
so simple.

        What I'd say is that it is not so simple. It requires a careful
evaluation

        - 1 - Costs
Is it worth the investment in finding the guy, where s/he
works, etc...? If the damage is null or minor, and the hole can be easily 
closed, I'd bet it is not worth the investment. Even if you track down the
person you could find yourself in a no-win situation

        - 2 - Damage analysis
                How much damage has been done? It could have been a person
who found an open account by accident and rang an alarm bell. It could be
an inocent person trying to do his/her work from home and unknowingly
breaking some internal policy. It could be anything. Reaction should be
commensurate with the damage: firing a person who works nightly from home
and keeping the 9-5'ers only is damaging your productivity.

        - 3 - Intention
                What if it is a student
? What if it is someone sharing an
account? There are many more chances. You could misinterpret their intentions.
It could well be some -not very intelligent- enterprising youth trying to
raise levels by demonstrating s/he's better or more knowledgeable. It might
be as well a remote company trying to find your secret plans, what effect
would have requesting them to fire their spy?

        - 4 - Strategy
                Even if all else is worth you may end in a situation in
which getting someone fired, crushed or smashed may do you no good. And that's
supposing you find the appropriate person: mind you, it may not be the 
intruder, but a negligent system manager or an unprepared consultant. Once
you find it, the publicity may be negative. Or the culprit may be a spy.
It may not be the person, but the company that commanded the person to
do the work. And it may be better to get proofs and pursue that company.
Or fight back and get into an infowar. Who knows?

        - 5 - Law
                Last but not least. There are two considerations: first is
whether your actions will be backed by law. You might get someone fired and
s&he could fight back with a lawsuit and get you in deep shit. Second, is
whether the law is right: you have to exercise some intelligent restrain
on your actions

        As an example: you can call the tow to take away a car obstructing
a hospital entrance. Of course. I'd applaud you. BUt what if the car is the
one of that poor man who just brought his wife to give birth, he's still
trying to get her in and you don't even wait a couple of minutes to call
the police to tow away the car? I'd say that's sadistic. Even backed by
law. Same with computers

        And we could go on and on. Keep things simple but not simpler than
needed. And never forget your human nature. You can make mistakes too, as
well as others. A bit of tolerance or magnificience may be much better at
times.

        Don't hurry so much when you emit judgements.

                                jr