Sorry. But you can't disagree with the analogy. I have clients who DO = feel that way. I would not suggest following that approach for exactly = the reasons that you suggest. But less technically literate businesses = do follow that. And that is part of the reason that there is such a = general perception the Internet is lawlesss and prone to such attacks. Thanks=20 ---------- From: Brad Powell[SMTP:bpowell@topsun.West.Sun.COM] Sent: Monday, January 29, 1996 5:36 PM To: ids@uow.edu.au Subject: Re: Intrusions Paul writes: >From: "Paul G. Seldes" <pgs@tisny.com> >To: "'ids@uow.edu.au'" <ids@uow.edu.au> >Subject: Intrusions >Date: Sun, 28 Jan 1996 08:45:39 -0500 >=20 >One thing to keep in mind is that it is often to ensure that intruders = =3D >can't do anything on a system rather than try to prevent them from =3D >intruding in the first place. =3D20 >If you break into a safe, and there is nothing there....you leave. >This angle works for many businesses and users. I disagree strongly with this analogy Paul.=20 It doesn't work in cyberspace or Internet today.=20 If an intruder breakes into an Internet site and there is nothing there=20 he/she/it doesn't nessasarily leave. Commonly a back-door is built into=20 your "safe" (internet host) assuming that in the future something might=20 be valuable there.=20 Additionally breaking into a safe assumes that your safe isn't connected = to all the other safes in the world. In the case of Internet they are all connected. Thus breaking into one site means an intruder can set a =20 a sniffer and watch Internet traffic of your neighbors and gleen their=20 login/password strings. They can also attack other sites and the attack=20 appears to come from you.=20 No this analogy doesn't quite fit (imnsho) >=20 >Some of my clients have a minimum level of security to secure against = =3D >the "average" hacker. These clients have no exposure if compromised. = =3D wrong as per above. =20 not a flame, I just disagree. Brad