RE: Law office recommendations?

["Ken Kousky" <kkousky () ip3inc com>]

One of their biggest exposures is their open conference rooms that allow
guests to sniff across the segment. I tell the story of being in a fancy
law office with powerful litigators and investment bankers all cranking
away on their portables as they stare each other down across the table -
a little dsniff or ethereal allows the opposition to trap the clear text
traffic their emailing back to hq. 

We teach everyone to pen test from inside out, not just outside in.
Social engineering is a far greater concern I think - that and strong
password vulnerabilities.


KWK
IP3

-----Original Message-----
From: Tim Heagarty [mailto:tim () heagarty com] 
Sent: Monday, February 17, 2003 12:36 PM
To: security-basics () securityfocus com
Subject: Law office recommendations?

Hello,

I wish to pick the collective brain for a moment if I may.

I am working up an initial service quote for a law office of 100+
associates
and 45+ attorneys. Do you have any recommendations of areas to be sure
to
get into the Risk Analysis? They've already been hit by Slammer and a
script
kiddie "pubber". I just want to be on my toes as I have not worked for
attorneys before and all those sharks in the water makes me want to do
this
one really well.

Also, if there's a more appropriate list for this I'd be glad to move
this
discussion to it.

Thanks everyone,

Tim Heagarty MCSE, MCP+I
"There are only 10 kinds of people in the world, those that understand
binary, and those that don't."
Work: (928) 636-0489
Cell: (928) 533-9690