[531] in Intrusion Detection Systems
RE: Intrusions
daemon@ATHENA.MIT.EDU (Paul G. Seldes)
Thu Feb 1 00:42:11 1996
From: "Paul G. Seldes" <pgs@tisny.com>
To: "'Brad Powell'" <bpowell@topsun.West.Sun.COM>,
"ids@uow.edu.au"
<ids@uow.edu.au>
Date: Wed, 31 Jan 1996 17:58:59 -0500
Reply-To: ids@uow.edu.au
Sorry. But you can't disagree with the analogy. I have clients who DO
feel that way. I would not suggest following that approach for exactly
the reasons that you suggest. But less technically literate businesses
do follow that. And that is part of the reason that there is such a
general perception the Internet is lawless and prone to such attacks.
Thanks
----------
From: Brad Powell[SMTP:bpowell@topsun.West.Sun.COM]
Sent: Monday, January 29, 1996 5:36 PM
To: ids@uow.edu.au
Subject: Re: Intrusions
Paul writes:
>From: "Paul G. Seldes" <pgs@tisny.com>
>To: "'ids@uow.edu.au'" <ids@uow.edu.au>
>Subject: Intrusions
>Date: Sun, 28 Jan 1996 08:45:39 -0500
>
>One thing to keep in mind is that it is often to ensure that intruders
>can't do anything on a system rather than try to prevent them from
>intruding in the first place.
>If you break into a safe, and there is nothing there....you leave.
>This angle works for many businesses and users.
I disagree strongly with this analogy, Paul.
It doesn't work in cyberspace or Internet today.
If an intruder breaks into an Internet site and there is nothing there
he/she/it doesn't necessarily leave. Commonly a back-door is built into
your "safe" (internet host) assuming that in the future something might
be valuable there.
Additionally breaking into a safe assumes that your safe isn't connected
to all the other safes in the world. In the case of Internet they are
all connected. Thus breaking into one site means an intruder can set a
sniffer and watch Internet traffic of your neighbors and glean their
login/password strings. They can also attack other sites and the attack
appears to come from you.
No this analogy doesn't quite fit (imnsho)
>
>Some of my clients have a minimum level of security to secure against
>the "average" hacker. These clients have no exposure if compromised.
wrong as per above.
not a flame, I just disagree.
Brad