Security Basics mailing list archives

RE: application for an employment


From: "Craddock, Larry" <l_craddock () wfec com>
Date: Mon, 3 Apr 2006 09:16:48 -0500


-----Original Message-----
From: Hans Meier (John Doe) [mailto:security.department () tele2 ch] 
Sent: Friday, March 31, 2006 9:17 AM
To: security-basics () securityfocus com
Subject: Re: application for an employment


I have another analogy try (sorry for that :-) :

Putting a box with a public IP on a public net offering 
public services is like presenting products in a Walmart or 
an Aldi respectively. I'm neither obliged to know what I'll 
buy before visiting the store, nor to only buy products that 
have been advertised. I look at different places, and search, 
to see what's available, and touch. This is all legal. 

Not a bad analogy but a better fit would be to take one step back. The store
is only public when it's open and the road that gives access to it and other
stores is what's always public. You're free to search that road for open
stores but even that doesn't require rattling the knobs and checking the
windows. And once inside you're free to inspect the items they've placed
there for sale but giving you entry into the store doesn't imply free access
to all their resources. For instance, if you decide that maybe you should be
able to inspect Walmart's books and make yourself at home at the manager's
desk in their office, you can probably expect to be escorted out. They
probably have employee records in there someplace. They possibly have a break
room with a refrigerator where employees may have placed some of the very
same items the store sells. Do you have a right to those? Would you even
THINK you did? No ... it's obvious what's for sale and what's not. Does the
fact that they have public offerings give anyone a right to walk in and
inspect their employee records? No, it's obvious what's for sale and what
areas in the store you're welcome to visit. It's not much different with
internet services. I know where I should be and if I end up someplace where I
shouldn't be it's because I made a conscious effort to get there and
knowingly disregarded the wishes of the owner.

As vague and fuzzy as some would like to make this, it's really not all that
complicated, at least not from practical and ethical viewpoints. It may in
fact be very complicated from a legal standpoint but then you seldom enter
that arena without having done something that's at least questionable. Those
who attempt to make it appear complicated do so to justify their own
preferences and/or activities. I've been involved with internet services for
around 12 years and I can tell you for an absolute fact I've NEVER needed to
portscan some network to "find out what services they offer." That's nothing
but an excuse.

Larry Craddock


