RE: Cyber hype

[InfoSec News <isn () c4i org>]

Forwarded from: Pete Lindstrom <petelind () comcast net>

It certainly bears repeating that insiders are a large risk, if only
because no matter how often we say it, it gets ignored. But I am not
sure it is appropriate or even reasonable anymore to equate 'insider
people' and 'inside the firewall' as the same thing. Certainly, these
days it is common to have insiders accessing systems from outside the
firewall and to have outsiders already inside the firewall. (I
sometimes wonder if the whole insider/outsider debate was really just
a lot of grousing about the commercial success of the firewall - what
exactly is an 'insider' in today's world of outsourcing, contractors,
temps, former employees, and business partners, anyway?)

Regardless, I am not sure how your comments fit in with the context of
the article, which is about cyberterrorism. Debunking cyberterrorism
is getting more popular these days, with perhaps the best debunk
article being Rob Lemos' CNET article at
http://news.com.com/2009-1001-954780.html and the best commentary
Thomas Greene's on The Register
http://www.theregister.co.uk/content/6/27819.html. These types of
articles are useful for the security community to ensure it isn't
'eating its own dogfood' and indicative of how we will all be
scrutinized more carefully about our opinions and attitudes when it
comes to applying security within an organization. I think we all may
need to be less hyperbolic and apply more intellectual rigor than we
ever have in the past. (Now, I digress ;-)).

Not every attack is a 'cyberterrorist' attack. There are plenty of
other motives to go around - like plain old money in the case of the
identity theft ring (and the movie 'Die Hard' for that matter ;-)).
But I would suggest that in the case of 'cyberterrorism,' attacks are
at least equally likely to come from an external location, and if you
count unsuccessful attacks (don't know why we wouldn't), much more
likely.

Regards,

Pete

Pete Lindstrom
Research Director
Spire Security, LLC
P.O. Box 152
Malvern, PA 19355
phone: 610-644-9064
fax: 610-644-8212
petelind () spiresecurity com
www.spiresecurity.com
 
"clarity makes the security world stronger"
 


-----Original Message-----
From: owner-isn () attrition org [mailto:owner-isn () attrition org] On Behalf
Of InfoSec News
Sent: Monday, December 09, 2002 3:52 AM
To: isn () attrition org
Subject: Re: [ISN] Cyber hype


Forwarded from: JohnE37179 () aol com

Mike Butcher's article in The Guardian fires wide of the mark. If there
is a cyber attack it will most likely come from inside firewall rather
than outside the firewall. As the identity theft story from last week
demonstrated, unauthorized access to secure systems are not necessarily
hacker attacks using technology, but facilitated by compromised or
corrupt insiders. Kevin Mittnick, the King of Social Engineering was
able to gain access by guile as often as by hacking or cracking.

It is the insider and his or her confederates compromising the system
from inside the firewall we need to worry about, not the attack from
outside the firewall.


John Ellingson
CEO
Edentification



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.