RE: Intrusions

Paul G. Seldes (pgs@tisny.com)
Wed, 31 Jan 1996 17:58:59 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Dale Drew: "Re: Intrusions"
Previous message: Dale Whiteaker-Lewis: "Advice for Risk Assessment consultant (was Re: Intrusions)"

Sorry.  But you can't disagree with the analogy.  I have clients who DO =
feel that way.  I would not suggest following that approach for exactly =
the reasons that you suggest.  But less technically literate businesses =
do follow that.  And that is part of the reason that there is such a =
general perception the Internet is lawlesss and prone to such attacks.

Thanks=20

----------
From:  Brad Powell[SMTP:bpowell@topsun.West.Sun.COM]
Sent:  Monday, January 29, 1996 5:36 PM
To:  ids@uow.edu.au
Subject:  Re: Intrusions

Paul writes:

>From: "Paul G. Seldes" <pgs@tisny.com>
>To: "'ids@uow.edu.au'" <ids@uow.edu.au>
>Subject: Intrusions
>Date: Sun, 28 Jan 1996 08:45:39 -0500
>=20
>One thing to keep in mind is that it is often to ensure that intruders =
=3D
>can't do anything on a system rather than try to prevent them from =3D
>intruding in the first place. =3D20
>If you break into a safe, and there is nothing there....you leave.
>This angle works for many businesses and users.

I disagree strongly with this analogy Paul.=20
It doesn't work in cyberspace or Internet today.=20

If an intruder breakes into an Internet site and there is nothing there=20
he/she/it doesn't nessasarily leave. Commonly a back-door is built into=20
your "safe" (internet host) assuming that in the future something might=20
be valuable there.=20

Additionally breaking into a safe assumes that your safe isn't connected =

to all the other safes in the world. In the case of Internet they are
all connected. Thus breaking into one site means an intruder can set a =20
a sniffer and watch Internet traffic of your neighbors and gleen their=20
login/password strings. They can also attack other sites and the attack=20
appears to come from you.=20

No this analogy doesn't quite fit (imnsho)
>=20
>Some of my clients have a minimum level of security to secure against =
=3D
>the "average" hacker.  These clients have no exposure if compromised.  =
=3D

wrong as per above. =20

not a flame, I just disagree.

Brad

Next message: Dale Drew: "Re: Intrusions"
Previous message: Dale Whiteaker-Lewis: "Advice for Risk Assessment consultant (was Re: Intrusions)"