Re: I'm with Gene

Steve Smith (sdsmith@televar.com)
Sat, 24 Feb 1996 15:49:43 -0800

owner-ids@uow.edu.au wrote:
>
> On Tue, 20 Feb 1996, Gene Spafford wrote:
>
> > 4) This whole thread is getting far afield of IDs.  I already dropped
> > my subscriptions to several other security mailing lists because they
> > had a high noise level from people who had installed "crack" and
> > "COPS" and thus decided they were security experts. Please let's not
> > let that happen to this list too?  Can we please go back to intrusion
> > detection as a topic?
> >
> > For instance, let's get back to the fact that more than 75% of system
> > abuses in typical commercial environments come from insiders.  Is
> > anyone looking at what is different about these insiders that can be
> > detected or monitored?
> >
> > --spaf
> >
> I'm with Gene; I've dropped so many lists in the last few months.  However,
> on the topic of insider attacks: internal security is necessary to
> maintain a safe system.  There are, however, a few simple rules that I
> have encountered that will help you along in this field.
>
> 1) Network security is a key to a secure working environment.  Do not
> leave simple things uncovered.  Example: Novell is a batchfile OS, so
> secure it; do not allow users to execute its sudo-dos commands.
>         2. I'm not a Windows expert, but I've heard NT has a good passwd
> program, unlike Novell, which is all text based.
>
> 2) Teach your people that hackers love the telephone.  If you have a dumb
> person answering phones with an account on your system and they call in,
> you're in trouble.  Example: "Hello, this is Rob Johnson down in maintenance; I
> need you to tell me your login and passwd so I can fix your account."  Most
> people will give that info out.
>
> 3) I got some others if anyone cares to continue this theme.

I agree with you, for the most part.  However, there is more to consider
than just securing your passwd.  Everything should be cross-checked,
meaning if you have a user that connects remotely, you had better have a
call-back verification system, PLUS, on your hardware level, only the
users could get through the modems (unless a hacker sets up an echo
program as you would in distinguishing Unix passwords and so forth).
But when you are on a hardware level base, the only users that could be
possible would be your insiders.  There are ways to deal with the worst
problem out there.  75% of all hacks come from within the facility;
now, since we know that, perhaps it is time to start cracking them,
understanding them.  Educate our users on computer policies and password
policies.  Education in this age of information is the key to secure
systems.  There will always be a way into a system; it is just the nature
of the beast.  The idea is to counter before being mated.  As for the
specific problem of insiders, I have a few comments.
        1.) Know your users!
        If you have no idea who your users are, you will never know
        the ones that are capable of system breaches and other secure
        data leaks.  By knowing your users, perhaps giving some type of
        interview with them, etc., you will begin to build a mental
        database; you will know who is capable and who are your normal
        "users."
        2.) Use Eclipsed Passwords!
        By using Eclipsed Passwords, only your user will know the
        password.  Only root, or SU, will have access to the
        shadowed password, no one else.
        3.) Use secure remote systems!
        Sometimes, by trying to completely build a secure internal system,
        we forget to also secure our remote capability: modems, WANs,
        etc.  Be sure to use modems that implement hardware passwords;
        this is another big thing for security.  If the user cannot
        access the system, he is not a threat.
        4.) Maintain adequate system maintenance!
        System breaches come with the territory.  If you are always
        maintaining, hackers will have to adjust to new devices, bridges,
        firewalls, etc.

        Internal security may be the hardest to trace, but by far it is
more difficult hacking on-site than from a remote site, simply due to time
scales and witnesses.
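The "eclipsed" (shadowed) password point in Steve's list is something an administrator can verify rather than take on faith. The script below is an added example, not part of the original thread: it parses constructed /etc/passwd-style lines (the hash value and account names are placeholders, not real data) and reports accounts whose hash is still sitting in the world-readable passwd file or whose password field is empty, and it checks that a shadow file's mode keeps the hashes away from ordinary users. The function and file names are the example's own assumptions.

```python
"""Audit whether password hashes have been moved out of the world-readable
/etc/passwd and into a root-only /etc/shadow (the "eclipsed" password scheme
recommended in the post).  Added example, not code from the original thread."""

import os
import stat

# Constructed sample standing in for /etc/passwd.  The $1$ hash is a
# placeholder, not a real credential.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
alice:x:1001:1001:Alice:/home/alice:/bin/sh
bob:$1$abcdefgh$PLACEHOLDERHASHVALUE0123:1002:1002:Bob:/home/bob:/bin/sh
guest::1003:1003:Guest:/home/guest:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
"""

# Password-field values that mean "look in the shadow file" or "locked".
SHADOW_MARKERS = {"x", "*", "!", "!!"}


def parse_passwd(text):
    """Yield (user, password_field) for each well-formed 7-field passwd line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # malformed line; skip rather than misreport it
        yield fields[0], fields[1]


def unshadowed_accounts(text):
    """Accounts whose hash still lives in passwd, readable by every local user."""
    return [user for user, pw in parse_passwd(text)
            if pw and pw not in SHADOW_MARKERS]


def passwordless_accounts(text):
    """Accounts with an empty password field: no password is needed to log in."""
    return [user for user, pw in parse_passwd(text) if pw == ""]


def shadow_mode_ok(mode):
    """True if a shadow file mode grants nothing to 'other' and no write to group.

    Accepts the common root-only layouts (0000, 0400, 0600) and the
    root:shadow group-readable layout (0640); rejects anything world-readable.
    """
    return (mode & stat.S_IRWXO) == 0 and (mode & stat.S_IWGRP) == 0


def audit(passwd_text, shadow_mode=None):
    """Return a dict of findings; an empty 'problems' list means the check passed."""
    problems = []
    for user in unshadowed_accounts(passwd_text):
        problems.append(f"{user}: hash stored in passwd, not shadowed")
    for user in passwordless_accounts(passwd_text):
        problems.append(f"{user}: empty password field")
    if shadow_mode is not None and not shadow_mode_ok(shadow_mode):
        problems.append(f"shadow file mode {oct(shadow_mode)} is too permissive")
    return {"problems": problems}


if __name__ == "__main__":
    # Stand-alone run: audit the constructed sample, then the live host if
    # /etc/shadow exists (reading its mode needs no special privilege).
    print(audit(SAMPLE_PASSWD, shadow_mode=0o644))
    if os.path.exists("/etc/shadow"):
        live_mode = stat.S_IMODE(os.stat("/etc/shadow").st_mode)
        with open("/etc/passwd") as f:
            print(audit(f.read(), shadow_mode=live_mode))
```

On the constructed sample the audit flags `bob` (hash left in passwd) and `guest` (empty password field); a mode of 0644 on the shadow file is reported because it would let any local user read the hashes, which defeats the point of shadowing.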