-----BEGIN PGP SIGNED MESSAGE-----
In message <001301bed2c8$cb320e20$[EMAIL PROTECTED]>, "Brian Steele" wri
tes:
>Just to side-track this thread a little - I just received a call from
>someone in California, who said that one of our local dialup Internet
>customers was hacking his system! We determined who the customer was, but
>the problem is, what should our next step be? There are no local laws
>regarding hacking. Simply disabling the dialup account might open ourselves
>up to a lawsuit from the customer, particularly as we are the only providers
>of Internet service on the island (Grenada, West Indies).
If your acceptable use policy (terms of service, or whathaveyou) doesn't
cover this sort of thing, you need a new acceptable use policy. It
should include provisions for termination of luser's accounts in
situations such as those you describe. Such provisions should include
but not be limited to illegal activities.
Alternately, you could turn the indigenous legal climate into
a selling point, and start advertising yourself as a free-fire zone---I
imagine we'll see offshore hacker havens before too long[1], so now's
the time to get in at the ground floor[2].
Random aside: Real pros figure out what their incident response policy
is going to be -before- having to deal with actual incidents. Beyond
eliminating the sort of aimless floundering that typically accompanies
just winging it, in general policies that were formed by _ad hoc_ accretion
are doomed to be endlessly revised by the same mechanisms.
- -Steve
- -----
1 That is large-scale, self-professed, commercial hacker havens, rather
than merely _de facto_ hacker havens, which already exist.
2 Or sub-basement, or whatever the appropriate architectural analogue
would be.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBN5TXxCrw2ePTkM9BAQFA5AQA2xWD1/z69jHeFpTTKJKBf16A4RXkL8KR
1u/ZU+et8lDqrqGi//LgIWY7U76H2R2Lc4ur0gbYAqLnM/OCVTcqH7NL3Gt/7cQb
zNoia39eCdMfjVsGslvUTCcUx/zYOK7LZsOLrwxcQYzk6rrp4lGXtOtRPl2gzqxF
GDSImJZ53Kk=
=xo5I
-----END PGP SIGNATURE-----
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
