Re: Firewalls and 802.1q trunking

[Brian Ford <brford () cisco com>]

Mike, et. al.;

The problem keeps on coming back to finding the person to grab by the collar.

Take a look at the recent case of Phillip Cumming, a former employee of 
Teledata Communciations on Long Island, New York.  Teledata produces, 
sells, and supports software that is used in conjunction with an account at 
one of the major credit reporting agencies in order to manage credit 
information.  Teledata (TCI) is not a credit reporting agency themselves.

http://www.newsday.com/business/ny-bzside1126,0,1581798.story?coll=ny-business-headlines

and

http://www.tcicredit.com/news.htm

Cummings is alleged to have sold the software and more importantly access 
via account IDs and passwords that he fraudulently obtained based on his 
employment and role at Teledata; to individuals involved in a separate 
credit / identity theft scheme. He is supposed to have received upwards of 
$60 per report.  He is supposed to have supplied an untold number of these 
reports that was estimated in the press in the tens of thousands.

So in this case the person who was arrested worked for a software company 
independent of the credit agencies.  He should have had no access to credit 
data.  He exploited whom he worked for in order to gain information from 
legitimate users of the credit data, and then passed along details of their 
accounts.

So if you are a credit reporting agency you are getting slammed here and 
for what.  Because someone who worked for a third party software supplier 
is supposed to have stolen and sold his employers software; and 
additionally gained  access to account information he (again allegedly) 
illegally received from folks who are supposedly credit agency 
customers.  This employee abused a trust relationship with his employer to 
gain access to the software and to his employers customers to gain access 
to accounts.

Inside knowledge and access remains a huge and difficult to quantify problem.

Liberty for All,

Brian

At 10:46 AM 12/15/2002 -0500, firewall-wizards-request () honor icsalabs com 
wrote:

> Message: 2
> Date: Sat, 14 Dec 2002 13:57:53 -0800 (PST)
> From: Mike Hoskins <mike () adept org>
> To: firewall-wizards () honor icsalabs com
> Subject: Re: [fw-wiz] Firewalls and 802.1q trunking
>
> From: t <miedaner () twcny rr com>
> > I like to say you that I can grab an employee by the collar and make him
> > stop what he is doing or prosecute.
>
> How about disgruntled employees with inside knowledge?  I don't like
> some of the hype surrounding many Internet-related statistics (they're
> generally made up to sell the product at hand), but you should also never
> get in the habit of dismissing potential threats.  Trust noone.  Also,
> it's typically cheaper to prepare than to deal with the mess after the
> fact (and explain potential downtime or data loss to clients).
>
> "Marcus J. Ranum" wrote:
> > The "80% of attacks come from the inside" statistic that
> > has been broadly quoted by INFOSEC practitioners is, as far
> > as I can tell, completely made up. In fact, the shocking
> > results of a recent study revealed that 99.5% of statistics
> > regarding Internet Security are made up, or otherwise based
> > on flawed assumptions.*
>
> 99.5% of statistics are made up.  That's the game statisticians (get paid
> to) play.  ;)
>
> In general, if you just go around grabbing statistics without any attempt
> to verify data yourself or apply the results of the lated studies to your
> specific installation, needs, etc...  You'll waste a lot of money and end
> up with a security infrastructure that looks something like swiss cheese.
> If you're a security person, you're tasked with asset identification, risk
> analysis, etc.  Don't trust other people to do your work for you...  That
> goes for most things in life.
>
> --
> Mike Hoskins            This message is RFC 1855 compliant,
> mike () adept org          www.adept.org/pub/rfcs/rfc1855.html

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards