
Re: Telnet disabled by default



On Thu, 10 May 2001, Dan Stromberg wrote:

> On Tue, May 01, 2001 at 08:14:42AM -0700, Thornton Prime wrote:
> > o The majority of systems abuse is orchestrated by an "inside" person,
> > either maliciously or unwittingly.
>
> This gets repeated a LOT, but I don't think it's true anymore.  How
> much bigger is the internet than your office?

It's not about quantity of hackers, but the level of trust given internal
users.

> I did a simple survey once.  I forget the percentage, but breakins
> from outside dwarfed breakins from inside.

As network administrators we are often blinded by the potency of
remote breakins, when remote breakins are really just a means to an end --
access. The problem is that your internal users already have access, and
we often forget it is much easier to move from one access level to a
higher access level than it is to move from no access to a higher access
level.

I'm not sure what survey you did, but the reports I've seen published by
Gartner and others always point to internal systems abuse being a much
more prevalent and expensive problem. As I pointed out, it is not always a
malicious employee, but often one who is misguided or undereducated.

Trojans and social hacks are easy ways for remote hackers to take
advantage of gullible users who you've afforded a level of trust.
Especially in the tech industry, some employees are not necessarily
disgruntled, but just curious, and they can do a lot of damage.
Disgruntled employees and corporate spies are a very serious and real
problem.

At one company I was at, a curious employee sniffed out the CFO's
password and stumbled across the payroll. It was devastating for the
company. The company probably won't recover, where they did recover from
other security breaches in the past.

Anyway, we shouldn't imagine that good security ends at the firewall. Good
security is broad and deep.

thornton




