[5832] in cryptography@c2.net mail archive
Re: Internal vs external threats, any references?
daemon@ATHENA.MIT.EDU (amir.herzberg@il.ibm.com)
Sun Oct 3 20:58:02 1999
From: amir.herzberg@il.ibm.com
To: Jeff.Hodges@stanford.edu, cryptography@c2.net
Message-ID: <C12567FF.000440F4.00@d12mta02.de.ibm.com>
Date: Sun, 3 Oct 1999 03:38:43 +0300
Mime-Version: 1.0
Content-type: text/plain; charset=us-ascii
Content-Disposition: inline
Jeff says/asks,
> A commonly-held conception in the commercial world (in my experience) is that
> most threats to "corporate security" come from the Internet-at-large, and
> therefore being behind a firewall is a Good Thing and generally Sufficient.
I believe this is a very wrong notion. However I want to point out that even if
one is concerned only/mainly about external threats, a firewall is still only a
very limited solution. In fact, I believe firewalls are no match for a
determined attacker, for the following simple problem with the firewall approach
(rather than with a specific one): firewalls cannot prevent a program running on
the internal network from bypassing it. Now, getting one program to run in one
computer within an organization is fairly easy - any good trojan horse or virus
can do this. So, a determined attacker can by pass any firewall - and
organizations should use additional tools to defend. (and this time I'll stop
here :-)
> Of course there are many references in the literature which dispute that
> one-sided posture, and it is a reasonably commonly-held (again in my
> experience) amongst security weanies that just as many if not more threats may
> emanate from within one's organization (a university being an canonical
> example), but I haven't uncovered any references that directly cite evidence
> quantifying this perception.
I actually remember there being some numbers but I'll have to leave the quote to
these with more stable memory (chips?)...
Best Regards,
Amir Herzberg
Manager, E-Business and Security Technologies
IBM Research Lab in Haifa (Tel Aviv Office)
http://www.hrl.il.ibm.com
New e-mail: amir@il.ibm.com
New Lotus notes mail: amir herzberg/haifa/ibm@IBMIL
