Firewall Wizards mailing list archives
Re: What exactly is a sysadmin/security officers job
From: Frank Willoughby <frankw () in net>
Date: Tue, 09 Dec 1997 08:26:59 -0500
At 05:56 PM 12/8/97 EST5EDT, Jim Leo wrote:
I've really enjoyed the Out-sourcing vs In-house debate thus far. However, I'm curious, just exactly what do most of the list-subscribers do when an attempt at intrusion occurs?
What a company does depends on many factors such as their InfoSec & HR policies, what damage was done, who initiated the attack, etc, what constitutes an intrusion, and the whim of whoever is calling the shots. Most companies won't attempt to call out the big guns every time someone attempts to hack them. If the attackers are successful in breaking in, then the appropriate law enforcement resources will probably be brought to bear on the problem.
Exactly what is classified as an intrusion?
This depends on who you talk to. An intrusion is usually a break-in attempt which may or may not result in the successful penetration of a system, network, or application by (what appears to be) unauthorized entities. Case in point - the VMS command $SHOW INTRUSIONS will show the number (and suspected origin) of incorrect attempts to gain access to the system after a certain threshold has been passed.
Does using any one of the numerous scanning tools out there (asmodeous, ISS, strobe, etc) constitute an intrusion attempt, or just 'knob twiddling'?
In my book, knob twiddling is an intrusion attempt.
How does one deal with it? And yes I know about management policy, I'm curious just what others are doing in the security arena.
Usually, an organization will have a policy which will prohibit the testing of its internal systems and networks by anyone unless they have permission in writing from approved entities (such as the Corporate Information Security Office). As mentioned above, the course of action depends on a multitude of factors (which I won't go into right now). Depending on the circumstances, actions taken could be everything from doing nothing to prosecuting the offender to the fullest extent of the law (incl. civil suits to recover damages).
Jim Leo admin () everett pitt cc nc us
Best Regards,
Frank
The opinions of the author of this mail may not necessarily be representative of the opinions of Fortified Networks, Inc.
Fortified Networks, Inc. - http://www.fortified.com/
Expert (vendor-neutral) Computer and Network Security Solutions
Phone: (317) 573-0800 Fax: (317) 573-0817