[630] in Intrusion Detection Systems
I'm with Gene
daemon@ATHENA.MIT.EDU (owner-ids@uow.edu.au)
Fri Feb 23 01:59:02 1996
From: owner-ids@uow.edu.au
Date: Wed, 21 Feb 1996 18:06:54 -0600 (CST)
To: ids@uow.edu.au
In-Reply-To: <199602210347.WAA21949@uther.cs.purdue.edu>
Reply-To: ids@uow.edu.au
On Tue, 20 Feb 1996, Gene Spafford wrote:
> 4) This whole thread is getting far afield of IDs. I already dropped
> my subscriptions to several other security mailing lists because they
> had a high noise level from people who had installed "crack" and
> "COPS" and thus decided they were security experts. Please let's not
> let that happen to this list too? Can we please go back to intrusion
> detection as a topic?
>
> For instance, let's get back to the fact that more than 75% of system
> abuses in typical commcercial environments comes from insiders. Is
> anyone looking at what is different about these insiders that can be
> detected or monitored?
>
> --spaf
>
I'm with Gene i've dropped so many list in the last few months. However
on the topic of insiders attacks. Internal security is a nessary to
maintian a safe system. There are howerver, a few simple rules that i
have incountered that will help you along in this field.
1) Network security is a key to a secure working enviroment. Do not
leave simple things uncovered. example Novell is a batchfile OS so
secure it, do not allow users to execute it's sudo-dos commands.
2. I'm not a windows expert but i've hear NT has a good passwd
program unlike Novell which is all text based.
2) Teach your people that hacker love the telephone. If you got a dumb
person answering fones with a account on your system and they call in
your introuble. Example "Hello this is Rob johnson down in maintance i
need you to tell me your login and passwd so i can fix your account" Most
people will give that info out.
3) I got some others if anyone cares to continue this theme.
