Firewall Wizards mailing list archives
Re: Scare Me !!
From: Robert Graham <robert_david_graham () yahoo com>
Date: Thu, 17 Jun 1999 11:17:20 -0700 (PDT)
--- Ken Hardy <ken () bridge com> wrote:

> I need to induce a healthy respect for Internet dangers into some folks around here. I know the dangers, or enough of them, but it's wearing to try to educate one after another exec, network tech, etc.

The average @Home subscriber is getting scanned by hackers about once per day (looking for Back Orifice, open shares, open services). The average dialup user gets scanned by hackers about once every couple weeks. In any case, 80% of hacker losses are due to INSIDER hacking, not from the Internet.

> In addition to the regular sort of security literature, a list of real-life (or very possible) security incidents that could help foster a healthy respect for the potential dangers might be real useful. An internet shop of horrors website, perhaps. I'd appreciate anything useful in this regard.

http://www.networkice.com/advICE/News
Contains a database of about 1000 news articles of hacking events.

http://www.gocsi.com/
The Computer Security Institute contains lots of statistical information, such as the fact that 80% of corporate losses due to hacking are from INSIDERS.

> a) we have a firewall so we're safe;

A recent study found that 30% of large companies with firewalls were hacked anyway. Also, 80% of losses due to hacking are from INSIDERS that never get close to a firewall. In any case, ask all the ExplorerZip and Melissa victims how well the firewall protected them.

> b) a packet filter is a firewall

The last wave of ColdFusion hacks and the coming wave of IIS4 hacks all happen through port 80, meaning a packet filter provides zero protection for these web servers.

> c) desktop modems are nothing to worry about

Duh. The first thing a security auditing company will do is a war dial against your company. A huge number of desktop modems are left accidentally exposed, and they usually give complete access to the network.

Rob.