Re: [AFWD] Re: Question. (Was re:hacker's intro)

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Steve Smith: "Re: I'm with Gene"
• Previous message: adamsb@un.org: "Re[3]: Question. (Was re:hacker's intro) Sentry?????"

>>For instance, let's get back to the fact that more than 75% of system
>>abuses in typical commcercial environments comes from insiders.  Is
>>anyone looking at what is different about these insiders that can be
>>detected or monitored?
>>
>>--spaf
>>
>
>I agree that the noise level is a little high. I joined the list to learn
>more about IDS and security (I have installed crack and COPS but don't
>consider myself a security expert yet).  What about sniffing inside a
>firewall.  Is there any way yet of possibly detecting a sniffer?
>
>-Chris


Chris,
When you begin installing sniffers within your organizations, you need to
look at the issue of violation of an individuals privacy.  ***Now before you
go ranting*****, allow me to explain...
Justification is the only weapon you will have when you approach your
"boss", at whatever level that might be in gaining aproval for such a tool
to be used.  If prior approval is not obtained and one of the "users" finds
out...there will be hell to pay in explaining why you were not just
targeting one workstation...or any number of other questions which are bound
to pop up.

My basis for my statement is based on the fact that I work for the DoD and
this is a CRITICAL element when we are looking at a system/site.

Tony

If You Don't Do It Right The First Time...
Be Prepared To Make Time To Do It Over....D.R.J.

Visit my Home Page:  http://www.serve.com/ruccia

• Next message: Steve Smith: "Re: I'm with Gene"
• Previous message: adamsb@un.org: "Re[3]: Question. (Was re:hacker's intro) Sentry?????"