> I'm presently working on security policies for a customer, > they're asking me what to do with intruder ;) Prosecute, prosecute, prosecute - but of course you may have to get the laws changed to make intrusion an illegal act first of all. And if the intruder is from across the pond (either way) you've got an International indicent to deal with. CERT (the Computer Emergency Response Team) can be of assistance (esp. if the intruder you detected happens to part of a larger organized attack). The FBI is the agency in the USA which is the contact for InterPol, if you have an international incident.. > I suggest to find the place where the intruder work, ask the > company *nicely* to fire the guy, then kill his dog and burn the house :) I'd also sugget they sever all his computer accounts, and Internet access. Of course, he/she can go down the street to any ISP (Internet Service Provider) and continue his/her games and tricks. Getting cooperation from the other guy's employer is a whole different matter. Maybe, he's being paid to examine your work. Then what? The best offense if a good defense - keep them out in the first place, and hide (encrypt) business mission critical information. Good luck! ---------------------------------------------------------------------- Internet: mshines@ia.purdue.edu | Michael S. Hines Voice: (317) 494-5845 | Sr. Information Systems Auditor FAX: (317) 496-1814 | Purdue University | 1065 Freehafer Hall | West Lafayette, IN 47907-1065 ----------------------------------------------------------------------