Firewall Wizards mailing list archives
Re: Intrusion Detection
From: Bret Watson <lists () bwa net>
Date: Thu, 18 Dec 1997 14:48:13
At 12:29 AM 12/18/97 GMT, Edward Cracknell wrote:
Can *we* call the internal monitoring of networks behind a firewall 'Intrusion' Detection when we are looking to identify 'insider' crime? Surely this is not an intrusion if perpetrated by someone who is meant to be there? I'm just concerned that we title this thing incorrectly in the early stages and mislead customers when selling this.
I think it comes from the physical model - intrusion detection is about detecting intruders (obviously). So what is an 'intruder'? Perhaps a good definition is something like 'what is a weed? - a plant out of place'. Similarly we can define an intruder as a person out of place, someone who is where they shouldn't be at that time.
crime at best. Many surveys state that insider crime accounts for up to 81% of reported crime, others say 60%. My boss and mentor attributes the change from 81% down to 60% to an increase in Internet and external network crime.
ACARB (an Australian association) claims insiders are involved in up to 95% (if I remember correctly) of computer-related crimes. I think this includes insiders sharing info such as work patterns etc...
So why do businesses appear to 'accept' insider crime when the type of crime committed by insiders is typically financial, whereas external crime equates more often than not, to nothing more than the drawing of spectacles and a moustache on an expensive painting?
Face. A business loses face if they are found to have their own personnel being disloyal - therefore quietly give the person the shove or sideline them and keep it all under the covers. In other words, they are concerned, but just don't want to know that it could happen to them. In some countries (like Aust) there are major union problems as well - network monitoring could show up just how little work the employees are doing, or show how much company bandwidth is being used to download porn...

Cheers,
Bret

Technical Incursion Countermeasures
Providing the means for your company's self-defense
consulting () ticm com
http://www.ticm.com/
ph: (+61)(08) 9429 8898 (UTC+8 hrs)
fax: (+61)(08) 9429 8800