>I'm presently working on security policies for a customer, >they're asking me what to do with intruder ;) > >I suggest to find the place where the intruder work, ask the >company *nicely* to fire the guy, then kill his dog and burn the house :) > All I can say is that doing things blindly is the way stupids work. I don't say less mentally disabled persons don't or can't do things blindly, but that is not the way to go. Your analysis is very simplistic. Whenever I see such analysis I always get *very* uneasy and unconfident on the analyst. Things are never so simple. What I'd say is that it is not so simple. It requires a careful evaluation - 1 - Costs Is it worth the investment in finding the guy, where s/he works, etc...? If the damage is null or minor, and the hole can be easily closed, I'd bet it is not worth the investment. Even if you track down the person you could find yourself in a no-win situation - 2 - Damage analysis How much damage has been done? It could have been a person who found an open account by accident and rang an alarm bell. It could be an inocent person trying to do his/her work from home and unknowingly breaking some internal policy. It could be anything. Reaction should be commensurate with the damage: firing a person who works nightly from home and keeping the 9-5'ers only is damaging your productivity. - 3 - Intention What if it is a student ? What if it is someone sharing an account? There are many more chances. You could misinterpret their intentions. It could well be some -not very intelligent- enterprising youth trying to raise levels by demonstrating s/he's better or more knowledgeable. It might be as well a remote company trying to find your secret plans, what effect would have requesting them to fire their spy? - 4 - Strategy Even if all else is worth you may end in a situation in which getting someone fired, crushed or smashed may do you no good. And that's supposing you find the appropriate person: mind you, it may not be the intruder, but a negligent system manager or an unprepared consultant. Once you find it, the publicity may be negative. Or the culprit may be a spy. It may not be the person, but the company that commanded the person to do the work. And it may be better to get proofs and pursue that company. Or fight back and get into an infowar. Who knows? - 5 - Law Last but not least. There are two considerations: first is whether your actions will be backed by law. You might get someone fired and s&he could fight back with a lawsuit and get you in deep shit. Second, is whether the law is right: you have to exercise some intelligent restrain on your actions As an example: you can call the tow to take away a car obstructing a hospital entrance. Of course. I'd applaud you. BUt what if the car is the one of that poor man who just brought his wife to give birth, he's still trying to get her in and you don't even wait a couple of minutes to call the police to tow away the car? I'd say that's sadistic. Even backed by law. Same with computers And we could go on and on. Keep things simple but not simpler than needed. And never forget your human nature. You can make mistakes too, as well as others. A bit of tolerance or magnificience may be much better at times. Don't hurry so much when you emit judgements. jr