re: "It's ok we're behind a firewall"

[H C <keydet89 () yahoo com>]

> "It's ok we're behind a firewall"

Well, depending on the issue, that may be a valid
answer, particularly when qualified w/ other security
mechanisms.

> 1. Still a large majority of computer crime (data
theft
> damage etc) is caused by people who have access to 
> internal systems ... is there anywhere that I can
get
> facts and figures to support this?

The CSI/FBI survey usually says this...but I'm not
really convinced.  Take into account the method of
information gathering...it's a survey, rather than
data collected from actual cases.  Looking at the
spate of worms that have far-reaching success (CR,
Nimda, Slammer) one has to really look hard at the
respondant's capability to accurately detect and then
resolve security incidents.

However, the numbers are there, if you need them.

> 3. Firewalls can be breached or misconfigured ...

Most folks in the security arena understand this. 
And, of course, it's proven time and again.

> 4. Firewalls can be bypassed -

You're correct.  That's why there needs to be a
layered approach to security.  I work for a small
company, and we have A/V on the email server, as well
as the desktops.

> Are there any sites out there with the facts and
> figures about internal exploits and cautionary tales
> about disgruntled employees or IT savvy nighttime 
> cleaners?

If you're able to find anything, please post it in the
lists.  Most of what I've seen so far has been
anecdotal at best.  Unfortunately those kinds of
specifics just don't seem to be made public...for more
reasons than I'd like to go into.



__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/