Firewall Wizards mailing list archives

Re: Intrusion Detection and MUCH more


From: Ziv Dascalu <ziv () abirnet com>
Date: Thu, 18 Dec 97 10:27:11 +0200


--- On Thu, 18 Dec 1997 00:29:20 GMT  Edward Cracknell <edward () securIT net> wrote:
Ok, 

Outsourcing firewalls and security certainly went on for a while. I
don't want to prolong any threads beyond their natural life, nor do I
submit issues to provoke an unhealthy level of debate.......(oh, you
saw this coming......) however, I'd like to make a statement regarding
Intrusion Detection.....

Can *we* call the internal monitoring of networks behind a firewall
'Intrusion' Detection when we are looking to identify 'insider' crime?
Surely this is not an intrusion if perpetrated by someone who is meant to
be there? I'm just concerned that we title this thing incorrectly in the
early stages and mislead customers when selling this.

I accept that the industry pushes forward with a multi-billion dollar firewall
market embrace, when the obvious threat comes from a source which
statistics show to be responsible for only 40% of all reported computer
crime at best. Many surveys state that insider crime accounts for up to
81% of reported crime, others say 60%. My boss and mentor attributes the
change from 81% down to 60% due to an increase in Internet and external
network crime.

So why do businesses appear to 'accept' insider crime when the type of
crime committed by insiders is typically financial, whereas external
crime equates more often than not, to nothing more than the drawing of
spectacles and a moustache on an expensive painting?
-----------------------------------------------------------------
Edward Cracknell - <edward () SecurIT net>




Well said. Intruder detection is really defined by the needs of the
organization; one may even say that if a salesperson accesses the internal
web page or database of HR or marketing, it is considered as such.
This is why internal network monitoring as a whole is important, and you
cannot just say "if these specific patterns appear on a session then this
is an intrusion detection"; it is MUCH MUCH more than this.

Ziv Dascalu <Ziv () AbirNet com>

...=====  A B I R N E T          Active Network Protection  ( http://www.abirnet.com ) =====


