Re: Internal Servers (noob post)

["R. DuFresne" <dufresne () sysinfo com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



A one off is not a statistic nor a trend, sorry.

Thanks,

Ron Dufresne

On Thu, 4 Jun 2009, Don Miesle wrote:

> Terry Childs, System Admin who hacked and then controlled the San Francisco 
> IT infrastructure is the most famous and recent. Talk to any Internal 
> investgations team at any major corporation (if they aren't confidential) 
> they will give you dozens
>
> Link on lessons learned from insider threats based on Terry Childs matter:
> http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=209100789
>
>
> On Jun 4, 2009, at 8:28 AM, R. DuFresne wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On Wed, 3 Jun 2009, Gorgon Beast wrote:
> >
> >                 [SNIP]
> >
> > > Since many attacks happen from the inside anyway, you should protect those 
> > > machines. If you want to get really granular (which a lot of companies 
> > > are, lately), you can put your servers in an internal DMZ as well, behind 
> > > a firewall and only all authorized workstations to connect to them. This 
> > > take a lot of work to implement if you are already set up.
> >
> >
> > Insider threat is often stated, and the metrics I've seen on it do not seem 
> > to be backed up.  Can you back up yours here, with something solid on the 
> > actualy threat from internal users and admins?
> >
> >
> > Thanks,
> >
> > Ron DuFresne
> > - -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >       admin & senior security consultant:  sysinfo.com
> >                       http://sysinfo.com
> > Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629
> >
> > These things happened. They were glorious and they changed the world...,
> > and then we fucked up the endgame.    --Charlie Wilson
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.5 (GNU/Linux)
> >
> > iD8DBQFKJ+gQst+vzJSwZikRAnuQAJ0dXvUVxlT6yXWjBXSI1EX5zkwCzACeK7zX
> > hfzCDdey2VAuiOieLZnMci0=
> > =WDkc
> > -----END PGP SIGNATURE-----
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: Information Assurance Certification Review Board
> >
> > Prove to peers and potential employers without a doubt that you can 
> > actually do a proper penetration test. IACRB CPT and CEPT certs require a 
> > full practical examination in order to become certified.
> > http://www.iacertification.org
> > ------------------------------------------------------------------------
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually 
> do a proper penetration test. IACRB CPT and CEPT certs require a full 
> practical examination in order to become certified.
> http://www.iacertification.org
> ------------------------------------------------------------------------

- -- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

These things happened. They were glorious and they changed the world...,
and then we fucked up the endgame.    --Charlie Wilson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFKMThgst+vzJSwZikRAjtzAKCwaGEc9zaGw1M9t5G1npwNVI36WACgzWAA
6CHA74fX8Ffx4oD4tekPYc0=
=yZiP
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------