Re: I got an intruder ...

MICHAEL S. HINES (MSHINES@freh-02.adpc.purdue.edu)
Wed, 8 Nov 1995 09:46:07 EST

> I'm presently working on security policies for a customer,
> they're asking me what to do with an intruder ;)

Prosecute, prosecute, prosecute - but of course you may have to get
the laws changed to make intrusion an illegal act first of all.  And
if the intruder is from across the pond (either way) you've got an
international incident to deal with.  CERT (the Computer Emergency
Response Team) can be of assistance (esp. if the intruder you
detected happens to be part of a larger organized attack).  The FBI is
the agency in the USA which is the contact for InterPol, if you have
an international incident.

> I suggest to find the place where the intruder works, ask the
> company *nicely* to fire the guy, then kill his dog and burn the house :)

I'd also suggest they sever all his computer accounts, and Internet
access.  Of course, he/she can go down the street to any ISP (Internet
Service Provider) and continue his/her games and tricks.

Getting cooperation from the other guy's employer is a whole different matter.
Maybe, he's being paid to examine your work.  Then what?   

The best offense is a good defense - keep them out in the first
place, and hide (encrypt) business mission critical information.

Good luck!

----------------------------------------------------------------------
Internet:  mshines@ia.purdue.edu      |  Michael S. Hines
Voice: (317) 494-5845                 |  Sr. Information Systems Auditor
FAX:   (317) 496-1814                 |  Purdue University
                                      |  1065 Freehafer Hall
                                      |  West Lafayette, IN 47907-1065
----------------------------------------------------------------------