Firewall Wizards mailing list archives

Re: What exactly is a sysadmin/security officers job


From: Frank Willoughby <frankw () in net>
Date: Tue, 09 Dec 1997 08:26:59 -0500

At 05:56 PM 12/8/97 EST5EDT, Jim Leo wrote:

> I've really enjoyed the Out-sourcing vs In-house debate thus far.
> However, I'm curious, just exactly what do most of the
> list-subscribers do when an attempt at intrusion occurs?

What a company does depends on many factors such as their InfoSec
& HR policies, what damage was done, who initiated the attack, etc.,
what constitutes an intrusion, and the whim of whoever is calling
the shots.  Most companies won't attempt to call out the big guns
every time someone attempts to hack them.  If the attackers are successful
in breaking in, then the appropriate law enforcement resources will
probably be brought to bear on the problem.


> Exactly what is classified as an intrusion.

This depends on who you talk to.  An intrusion is usually a break-in
attempt which may or may not result in the successful penetration
of a system, network, or application by (what appears to be)
unauthorized entities.  Case in point - the VMS command $SHOW INTRUSIONS
will show the number (and suspected origin) of incorrect attempts to
gain access to the system after a certain threshold has been passed.


> Does using any one of the numerous
> scanning tools out there (asmodeous, ISS, strobe, etc) constitute an
> intrusion attempt, or just 'knob twiddling'?

In my book, knob twiddling is an intrusion attempt.


> How does one deal with
> it. And yes I know about management policy, I'm curious just what
> others are doing in the security arena.

Usually, an organization will have a policy which will prohibit
the testing of its internal systems and networks by anyone unless 
they have permission in writing from approved entities (such as 
the Corporate Information Security Office).

As mentioned above, the course of action depends on a multitude
of factors (which I won't go into right now).  Depending on the
circumstances, actions taken could be everything from doing
nothing to prosecuting the offender to the fullest extent of the
law (incl. civil suits to recover damages).


> Jim Leo
> admin () everett pitt cc nc us

Best Regards,


Frank
The opinions of the author of this mail may not necessarily be
representative of the opinions of Fortified Networks, Inc.

Fortified Networks, Inc. - http://www.fortified.com/
Expert (vendor-neutral) Computer and Network Security Solutions
Phone: (317) 573-0800     Fax: (317) 573-0817
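The threshold behaviour Frank describes for $SHOW INTRUSIONS, as an added example that is not part of the original message: a small Python counter over constructed log lines that flags a source once its failed logins within a time window reach a threshold (an intrusion attempt in the sense above), and marks the source as penetrated if a later login from it succeeds. The log format, the threshold and the window are assumptions, not VMS behaviour.

```python
"""Threshold-based break-in attempt counter in the spirit of the VMS
intrusion database mentioned above (added example; VMS internals are
not reproduced). Log format, threshold and window are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, result, user, source address
SAMPLE_LOG = """\
1997-12-08T17:50:01 FAIL user=smith src=10.0.0.7
1997-12-08T17:50:03 FAIL user=smith src=10.0.0.7
1997-12-08T17:50:04 FAIL user=root src=10.0.0.7
1997-12-08T17:50:09 FAIL user=guest src=10.0.0.7
1997-12-08T17:51:30 OK   user=smith src=10.0.0.7
1997-12-08T17:55:00 FAIL user=jones src=192.168.1.20
1997-12-08T18:40:00 FAIL user=jones src=192.168.1.20
"""

THRESHOLD = 3                  # failures before a source is flagged
WINDOW = timedelta(minutes=5)  # failures must fall within this window

def parse(line):
    ts, result, user, src = line.split()
    return (datetime.fromisoformat(ts), result == "OK",
            user.split("=", 1)[1], src.split("=", 1)[1])

def show_intrusions(log_text, threshold=THRESHOLD, window=WINDOW):
    """Return {src: {"failures", "users", "penetrated"}} for each source
    whose failed logins inside `window` reached `threshold`; a later
    successful login from a flagged source sets "penetrated"."""
    fails = defaultdict(list)   # src -> [(timestamp, user)] still in window
    flagged = {}
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, ok, user, src = parse(raw)
        if ok:                  # success after a flagged run = penetration
            if src in flagged:
                flagged[src]["penetrated"] = True
            continue
        fails[src].append((ts, user))
        recent = [(t, u) for t, u in fails[src] if ts - t <= window]
        fails[src] = recent     # drop failures that aged out of the window
        if len(recent) >= threshold:
            flagged[src] = {"failures": len(recent),
                            "users": sorted({u for _, u in recent}),
                            "penetrated": flagged.get(src, {}).get("penetrated", False)}
    return flagged
```

On the sample log only 10.0.0.7 is flagged; the two failures from 192.168.1.20 are 45 minutes apart and never reach the threshold inside the window.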


