RE: Firewalls and 802.1q trunking

["R. DuFresne" <dufresne () sysinfo com>]

On Wed, 11 Dec 2002, Marcus J. Ranum wrote:

        [SNIP]

> I believe that "computer intrusions" in this case included
> insider wire fraud. Which comes back to what I asked earlier
> about the definition of "attack"
>
> If you count Code Red as an "attack" (I do, actually...) then
> it and the other Internet-borne mass-rooters/scanners render
> the insider threat utterly insignificant in terms of sheer
> numbers of incidents.

I'm sure you count additionally, theft of company resources by employees
to startup their own ventures, including customer lists, which in 2000 or
there about the likes of Nortel had a number of such incidents, which
heightened their focus from just the perimiter to the inside also.

I think the threat from the inside has alot more potential for higher
dollar losses per incident.  Afterall the folks most likely have acceess
to the data and resources, and often corportate audit trails are sorely
lacking.  Take our recent Teledata Communications <TCI> credit/identity
theft issue...


Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards