[635] in Intrusion Detection Systems
Re: [AFWD] Re: Question. (Was re:hacker's intro)
daemon@ATHENA.MIT.EDU (Antonio)
Sun Feb 25 19:42:37 1996
Date: Fri, 23 Feb 96 14:04 CST
To: owner-ids@wyrm.its.uow.edu.au
From: Antonio <ruccia@mail.serve.com>
Reply-To: ids@uow.edu.au
>>For instance, let's get back to the fact that more than 75% of system
>>abuses in typical commcercial environments comes from insiders. Is
>>anyone looking at what is different about these insiders that can be
>>detected or monitored?
>>
>>--spaf
>>
>
>I agree that the noise level is a little high. I joined the list to learn
>more about IDS and security (I have installed crack and COPS but don't
>consider myself a security expert yet). What about sniffing inside a
>firewall. Is there any way yet of possibly detecting a sniffer?
>
>-Chris
Chris,
When you begin installing sniffers within your organizations, you need to
look at the issue of violation of an individuals privacy. ***Now before you
go ranting*****, allow me to explain...
Justification is the only weapon you will have when you approach your
"boss", at whatever level that might be in gaining aproval for such a tool
to be used. If prior approval is not obtained and one of the "users" finds
out...there will be hell to pay in explaining why you were not just
targeting one workstation...or any number of other questions which are bound
to pop up.
My basis for my statement is based on the fact that I work for the DoD and
this is a CRITICAL element when we are looking at a system/site.
Tony
If You Don't Do It Right The First Time...
Be Prepared To Make Time To Do It Over....D.R.J.
Visit my Home Page: http://www.serve.com/ruccia
