Eric at Lucii.org on 12 Jul 2011 05:05:17 -0700



Re: [PLUG] "IT Security for Non-Dummies"?


I don't follow this very closely but I think the assumptions about the basics
are, as you suspect, full of holes.

There have been experiments where researchers have dropped specially modified
USB memory sticks in the parking lots of businesses.  Some significant
percentage (about a third as I recall) of those ended up being plugged into the
company computers.  These were designed to just "phone home" so the researchers
could measure the result but if they were malicious the system would almost
certainly have been compromised.

My understanding is that there have been two types of "break-ins" recently:

1. A clever social-engineering attack entices someone to open a malicious email
or malicious web site and their computer becomes compromised.  From there the
attackers access the internal corporate network.  This is how Google was
attacked by the "Chinese" hackers.

2. A group uses exploits to gain access to the organization's public facing
infrastructure (primarily the web sites) and access portions of the internal
network from there.  This is, I believe, how "Anonymous" and "LuSec"(sp?) have
made the news recently.

I think the bottom line is that systems have weaknesses (looking at you,
Windows) and the users have weaknesses.  In my opinion, the best way to mitigate
the impact of these weaknesses is better hardening of the systems and networks
and better education for the users about proper computer procedures.

Eric

On 07/12/2011 07:29 AM, Floyd Johnson wrote:
> Reading about yet another e-break-in, as well as my suspicions that some
> malware has been running loose in AOL's mail servers for months, has got
> me worried.
> 
> If we assume the basics-nobody at the hit organizations has opened
> booby-trapped mail attachments, the Internet-facing systems have been
> properly patched and locked down as to what traffic they will allow, any
> experiments in WiFi include proper encryption and MAC ID restrictions,
> and there are neither moles nor gullible persons among the staff-(1)
> What are they doing so horribly wrong? (2) What should we be doing to
> avoid replicating their mistakes?
> 
> I am aware that my assumptions about such "basics" may have more holes
> in them than a wheel of Jarlsberg, and that may be the first place to
> start fixing stuff before it breaks.
> 
> 
> 
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
> 

-- 
#  Eric Lucas
#
#                "Oh, I have slipped the surly bond of earth
#                 And danced the skies on laughter-silvered wings...
#                                        -- John Gillespie Magee Jr