Re: Intrusions

Dale Drew (ddrew@mci.net)
Tue, 30 Jan 1996 22:23:49 -0500

>> One thing to keep in mind is that it is often to ensure that intruders
>> can't do anything on a system rather than try to prevent them from intruding
>> in the first place.
A good security policy is to ensure that intruders can't do anything on a 
system AND try to prevent them from intruding in the first place.

>> If you break into a safe, and there is nothing there....you leave.

Actually, I put a "second combination" on the safe so I can re-open it
when something of interest is placed into it.  Or if the safe is not being
used, then I use it myself.

A recent study from DoD confirmed several industry analyst reports regarding
intrusion detection.  DoD indicated that in an intrusion attempt scan
only 2% of the total systems hacked were vulnerable to exposure, on a 
particular sensitive network.  However, unauthorized access on that 2% 
allowed DoD intrusion analysts to gain access to over 90% of the rest of 
the systems on the network (sniffing, trusted relationships, etc).

Detecting and responding to intrusion access attempts is extremely 
important, but so is detecting and responding to successful intrusions.
(How to answer the question: how do I detect a user who has gained 
unauthorized access to a system in an authorized manner?)

===============================================================
Dale Drew                                MCI Telecommunications
Manager                                    internetMCI Security
                                                    Engineering
Voice:  703/715-7058                    Internet: ddrew@mci.net
Fax:    703/715-7066                MCIMAIL: Dale_Drew/644-3335