Firewall Wizards mailing list archives
Re: Intrusion Detection and MUCH more
From: Ziv Dascalu <ziv () abirnet com>
Date: Thu, 18 Dec 97 10:27:11 +0200
--- On Thu, 18 Dec 1997 00:29:20 GMT Edward Cracknell <edward () securIT net> wrote:
Ok, Outsourcing firewalls and security certainly went on for a while. I don't want to prolong any threads beyond their natural life, nor do I submit issues to provoke an unhealthy level of debate.......(oh, you saw this coming......) however, I'd like to make a statement regarding Intrusion Detection..... Can *we* call the internal monitoring of networks behind a firewall 'Intrusion' Detection when we are looking to identify 'insider' crime. Surely this is not an intrusion if perpetrated by someone who is meant to be there? I'm just concerned that we title this thing incorrectly in the early stages and mislead customers when selling this. I accept that the industry pushes forward with a multi-billion dollar firewall market embrace, when the obvious threat comes from a source which statistics show to be responsible for only 40% of all reported computer crime at best. Many surveys state that insider crime accounts for up to 81% of reported crime, others say 60%. My boss and mentor attributes the change from 81% down to 60% due to an increase in Internet and external network crime. So why do businesses appear to 'accept' insider crime when the type of crime committed by insiders is typically financial, whereas external crime equates more often than not, to nothing more than the drawing of spectacles and a moustache on an expensive painting? ----------------------------------------------------------------- Edward Cracknell - <edward () SecurIT net>
well said, intruders detection is really defined by the needs of the organization, one may even say that if a sales person access the internal web page, or database of HR or marketing it is considered as such. this is why internal network monitoring, as a whole is important and you can not just say "if these specific patterns appear on a session then this is an intrusion detection", it is MUCH MUCH more then this Ziv Dascalu <Ziv () AbirNet com> ...===== A B I R N E T Active Network Protection ( http://www.abirnet.com ) =====
Current thread:
- Intrusion Detection Edward Cracknell (Dec 17)
- Re: Intrusion Detection Bret Watson (Dec 19)
- Re: Intrusion Detection and MUCH more Ziv Dascalu (Dec 19)