Firewall Wizards mailing list archives
Re: What about Traffic Analysis?
From: Henry Hertz Hobbit <hhhobbit () icarus weber edu>
Date: Fri, 7 Aug 1998 13:36:46 -0600 (MDT)
On Thu, 6 Aug 1998, Bennett Todd wrote:
1998-08-06-15:28:33 Adam Shostack:Ok, so the assembled wizards have declared trying to understand the content of messages to be a loss, which is toughly correct. What about performing traffic analysis on the mail flow? Catching information by spikes in the places people send mail? Sending files to the competition? Is this worthwhile? (Assume trapping messages that hit some threshold.)If the environment (views of right and wrong, opinions about the law safely guided by those views:-) support reading other peoples' mail looking for misbehavior, then traffic analysis will be very fruitful.
When I worked for WordPerfect, they handled this simply by declaring all mail either going or coming to any individual to be *their* mail. This included both snail-mail and email. Why somebody would be sending their resume from a company is beyond me. On the other hand, what do you do about them getting calls from another company on company phones. I start to see that things can get so out of hand that the people working for that company that is taking such dictatorial steps will no longer like or want to work there. You have to work out some sort of balance that both protects the company but is not so repressive that workers begin to leave the place. IMHO, WordPerfect in many ways shot itself in the foot with some of its policies. Sure, you don't want any of your company's private and confidential information going out the door, but just how far should you go? In other words, if somebody is selling information about the company, you want to hang them high and dry. If they are inadvertently letting information slip out, you may want to just warn them that what they are doing is wrong without breathing down on them with the fiery breath of a dragon. In other words, let the policy drive the choice of tools that you use. If you have somebody that is shipping confidential stuff out in pictures, they are most likely to be technically literate. If you are a site developing DoD or other sensitive stuff, you may not even want a connection at all depending on what you are working on. Having said that, I would be loathe to work for a company that snips all of the wires out completely. How in the world will you keep up with the technology advances with that kind of an isolationist stance? Russia tried it, and look what happened to them... The screening of your people should have taken place LONG before you start sifting email. Again, that is a policy decision about who and who not to hire. How many companies do drug tests today? A policy decision, and one that shows to me the level of commitment most companies have to do background checks on people is extremely low. For myself, I consider a drug test an insult! I have never used illegal drugs in my life. Do companies I have talked to ask about that? NO. In other words, it strikes me that they didn't do enough checking at the start when and where most companies should be doing it. Just my 0.02 worth... HHH
Current thread:
- What about Traffic Analysis? Adam Shostack (Aug 06)
- Re: What about Traffic Analysis? Bennett Todd (Aug 07)
- Re: What about Traffic Analysis? Ted Doty (Aug 07)
- Re: What about Traffic Analysis? Henry Hertz Hobbit (Aug 07)
- Re: What about Traffic Analysis? Ted Doty (Aug 07)
- Re: What about Traffic Analysis? Adam Shostack (Aug 07)
- <Possible follow-ups>
- Re: What about Traffic Analysis? Ryan Russell (Aug 07)
- Re: What about Traffic Analysis? Stephen P. Berry (Aug 07)
- RE: What about Traffic Analysis? Jeff Sedayao (Aug 07)
- RE: What about Traffic Analysis? Peter Mayne (Aug 11)
- Re: What about Traffic Analysis? Bennett Todd (Aug 07)