Home page logo

basics logo Security Basics mailing list archives

RE: Law office recommendations?
From: "Ken Kousky" <kkousky () ip3inc com>
Date: Tue, 18 Feb 2003 09:49:29 -0500

One of their biggest exposures is their open conference rooms that allow
guests to sniff across the segment. I tell the story of being in a fancy
law office with powerful litigators and investment bankers all cranking
away on their portables as they stare each other down across the table -
a little dsniff or ethereal allows the opposition to trap the clear text
traffic their emailing back to hq. 

We teach everyone to pen test from inside out, not just outside in.
Social engineering is a far greater concern I think - that and strong
password vulnerabilities.


-----Original Message-----
From: Tim Heagarty [mailto:tim () heagarty com] 
Sent: Monday, February 17, 2003 12:36 PM
To: security-basics () securityfocus com
Subject: Law office recommendations?


I wish to pick the collective brain for a moment if I may.

I am working up an initial service quote for a law office of 100+
and 45+ attorneys. Do you have any recommendations of areas to be sure
get into the Risk Analysis? They've already been hit by Slammer and a
kiddie "pubber". I just want to be on my toes as I have not worked for
attorneys before and all those sharks in the water makes me want to do
one really well.

Also, if there's a more appropriate list for this I'd be glad to move
discussion to it.

Thanks everyone,

Tim Heagarty MCSE, MCP+I
"There are only 10 kinds of people in the world, those that understand
binary, and those that don't."
Work: (928) 636-0489
Cell: (928) 533-9690

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]