Home page logo
/

basics logo Security Basics mailing list archives

re: "It's ok we're behind a firewall"
From: H C <keydet89 () yahoo com>
Date: Thu, 20 Feb 2003 13:42:41 -0800 (PST)

"It's ok we're behind a firewall"

Well, depending on the issue, that may be a valid
answer, particularly when qualified w/ other security
mechanisms.

1. Still a large majority of computer crime (data
theft
damage etc) is caused by people who have access to 
internal systems ... is there anywhere that I can
get
facts and figures to support this?

The CSI/FBI survey usually says this...but I'm not
really convinced.  Take into account the method of
information gathering...it's a survey, rather than
data collected from actual cases.  Looking at the
spate of worms that have far-reaching success (CR,
Nimda, Slammer) one has to really look hard at the
respondant's capability to accurately detect and then
resolve security incidents.

However, the numbers are there, if you need them.

3. Firewalls can be breached or misconfigured ...

Most folks in the security arena understand this. 
And, of course, it's proven time and again.

4. Firewalls can be bypassed -

You're correct.  That's why there needs to be a
layered approach to security.  I work for a small
company, and we have A/V on the email server, as well
as the desktops.

Are there any sites out there with the facts and
figures about internal exploits and cautionary tales
about disgruntled employees or IT savvy nighttime 
cleaners?

If you're able to find anything, please post it in the
lists.  Most of what I've seen so far has been
anecdotal at best.  Unfortunately those kinds of
specifics just don't seem to be made public...for more
reasons than I'd like to go into.



__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]