Re: Question. (Was re:hacker's intro)

Ira S. Winkler (winkler@c3i.saic.com)
Fri, 23 Feb 96 10:15:00 EST

> OK,
>
> Here is a question for the group:
>
> Would you like to have a Prolog-like based rule system that would do
> intrusion detection?  I think CLIPS could be a choice if one would
> like to implement such a system. (This is just asking your opinion on
> the Prolog style of programming).
>
> > For instance, let's get back to the fact that more than 75% of system
> > abuses in typical commercial environments come from insiders.  Is
> > anyone looking at what is different about these insiders that can be
> > detected or monitored?
>
> It is my understanding that most of them in the 75% are either bribed or
> getting revenge, so what can you do?

The goal would be to put in tools that detect anomalous or unusual activities
within organizations, and stop having a false sense of security or satisfaction
because of strong perimeter security mechanisms, such as firewalls.

Also, a personal interest: do not just rely upon technical security mechanisms.
Use door and file cabinet locks.  Challenge people that are asking for information
or access that is outside of their area of responsibility.  And most importantly,
have a strong awareness program that tells employees what to look for with
regards to insider thefts.

There are plenty of things that can be done to monitor internal assets, as long
as you don't just say it's too hard so you will ignore the problem.

Ira