Re: I'm with Gene

serw30@gibson.cioe.com
Fri, 23 Feb 96 14:33:09 EST

>On Tue, 20 Feb 1996, Gene Spafford wrote:

>> 4) This whole thread is getting far afield of IDs.  I already dropped
>> my subscriptions to several other security mailing lists because they
>> had a high noise level from people who had installed "crack" and
>> "COPS" and thus decided they were security experts. Please let's not
>> let that happen to this list too?  Can we please go back to intrusion
>> detection as a topic?
>>
>> For instance, let's get back to the fact that more than 75% of system
>> abuses in typical commercial environments come from insiders.  Is
>> anyone looking at what is different about these insiders that can be
>> detected or monitored?
>>
>> --spaf
>>
>I'm with Gene; I've dropped so many lists in the last few months.  However,
>on the topic of insider attacks: internal security is necessary to
>maintain a safe system.  There are, however, a few simple rules that I
>have encountered that will help you along in this field.

>1) Network security is a key to a secure working environment.  Do not
>leave simple things uncovered.  Example: Novell is a batchfile OS, so
>secure it; do not allow users to execute its pseudo-DOS commands.
>        2. I'm not a Windows expert but I've heard NT has a good passwd
>program, unlike Novell, which is all text based.

>2) Teach your people that hackers love the telephone.  If you've got a dumb
>person answering phones with an account on your system and they call in,
>you're in trouble. Example: "Hello, this is Rob Johnson down in maintenance,
>I need you to tell me your login and passwd so I can fix your account." Most
>people will give that info out.

>3) I got some others if anyone cares to continue this theme.

        As Mr. Spafford stated earlier, most problems come from the inside
of an organization. The true question in my opinion is assessing the threats
posed by employees, or members of a given group, when their disposition may
change quite radically in a short period of time.
         Since these people are already members of this group they probably
already have a certain amount of access to the computer system. Their
position is much better than someone trying to pull off a simple social
engineering ploy. The trick is detecting a change in their actions or
routines that will indicate a willingness to abuse the system. Does anyone
profile known abusers after the fact, to determine some common theme of
behavior amongst them?

                                        -Eric