Eric at Lucii.org on 12 Jul 2011 05:05:17 -0700
Re: [PLUG] "IT Security for Non-Dummies"?
I don't follow this very closely but I think the assumptions about the basics are, as you suspect, full of holes.

There have been experiments where researchers have dropped specially modified USB memory sticks in the parking lots of businesses. Some significant percentage (about a third as I recall) of those ended up being plugged into the company computers. These were designed to just "phone home" so the researchers could measure the result but if they were malicious the system would almost certainly have been compromised.

My understanding is that there have been two types of "break-ins" recently:

1. A clever social-engineering attack entices someone to open a malicious email or malicious web site and their computer becomes compromised. From there the attackers access the internal corporate network. This is how Google was attacked by the "Chinese" hackers.

2. A group uses exploits to gain access to the organization's public-facing infrastructure (primarily the web sites) and accesses portions of the internal network from there. This is, I believe, how "Anonymous" and "LuSec"(sp?) have made the news recently.

I think the bottom line is that systems have weaknesses (looking at you, Windows) and the users have weaknesses. In my opinion, the best way to mitigate the impact of these weaknesses is better hardening of the systems and networks and better education for the users about proper computer procedures.

Eric

On 07/12/2011 07:29 AM, Floyd Johnson wrote:
> Reading about yet another e-break-in, as well as my suspicions that some
> malware has been running loose in AOL's mail servers for months, has got
> me worried.
>
> If we assume the basics -- nobody at the hit organizations has opened
> booby-trapped mail attachments, the Internet-facing systems have been
> properly patched and locked down as to what traffic they will allow, any
> experiments in WiFi include proper encryption and MAC ID restrictions,
> and there are neither moles nor gullible persons among the staff -- (1)
> What are they doing so horribly wrong? (2) What should we be doing to
> avoid replicating their mistakes?
>
> I am aware that my assumptions about such "basics" may have more holes
> in it than a wheel of Jarlsberg, and that may be the first place to
> start fixing stuff before it breaks.
>
> ___________________________________________________________________________
> Philadelphia Linux Users Group -- http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

--
# Eric Lucas
#
# "Oh, I have slipped the surly bond of earth
# And danced the skies on laughter-silvered wings...
# -- John Gillespie Magee Jr