Re: Intrusions

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Ira S. Winkler: "Re: Intrusions"
• Previous message: Greg Foulds: "Re: Intrusions"
• Maybe in reply to: Paul G. Seldes: "Intrusions"
• Next in thread: Kent Dahlgren: "Re: Intrusions"

Paul writes:

>From: "Paul G. Seldes" <pgs@tisny.com>
>To: "'ids@uow.edu.au'" <ids@uow.edu.au>
>Subject: Intrusions
>Date: Sun, 28 Jan 1996 08:45:39 -0500
> 
>One thing to keep in mind is that it is often to ensure that intruders =
>can't do anything on a system rather than try to prevent them from =
>intruding in the first place. =20
>If you break into a safe, and there is nothing there....you leave.
>This angle works for many businesses and users.

I disagree strongly with this analogy Paul. 
It doesn't work in cyberspace or Internet today. 

If an intruder breakes into an Internet site and there is nothing there 
he/she/it doesn't nessasarily leave. Commonly a back-door is built into 
your "safe" (internet host) assuming that in the future something might 
be valuable there. 

Additionally breaking into a safe assumes that your safe isn't connected 
to all the other safes in the world. In the case of Internet they are
all connected. Thus breaking into one site means an intruder can set a  
a sniffer and watch Internet traffic of your neighbors and gleen their 
login/password strings. They can also attack other sites and the attack 
appears to come from you. 

No this analogy doesn't quite fit (imnsho)
> 
>Some of my clients have a minimum level of security to secure against =
>the "average" hacker.  These clients have no exposure if compromised.  =

wrong as per above.  

not a flame, I just disagree.

Brad

• Next message: Ira S. Winkler: "Re: Intrusions"
• Previous message: Greg Foulds: "Re: Intrusions"
• Maybe in reply to: Paul G. Seldes: "Intrusions"
• Next in thread: Kent Dahlgren: "Re: Intrusions"