Of course the servers should be hardened.  Even a little bit more security 
than out-of-the-box will help, and doesn't take long.  There are NT 
templates and Unix scripts designed for just this purpose.  You have to 
configure the machine with its name, address, etc. anyway, so why not add 
running the script?  I used Lance Spitzner's Solaris script and it took 
only seconds to run.

I remember reports claiming that the majority of computer compromises come 
from employees, or soon to be ex-employees.

Just for fun --
On the odds, the employees are a greater risk than the outside world.  Just 
making up numbers here.....
Start with 100% of people in the world
say 30% have access to computers that could be used to break into your systems
say 1% of those have some interest in breaking into systems somewhere
now how many of this 0.3% are interested in yours instead of some other 
company?

Now start with 100% of people in your company.
say 90% have access to computers that could be used to break into your systems
say 1% of them have some interest in breaking into computer systems somewhere
It sure would be a lot easier for them to break into yours than someone else's!

This is misleading, of course, because in absolute numbers there are many 
more people outside the company, but there are also many targets outside 
your company.

hermit1



At 03:46 PM 6/30/00 -0400, Ivan Fox wrote:

>There was an internal and informal "debate" between IT Ops Team and
>Developers that internal servers should be "hardened"!
>
>IT states that the majority of hackers come from employees, so even internal
>servers should be hardened.  The developers state that employees are
>trustworthy; if not, fire them.
>
>This organization has 20,000 employees in 30 locations all over the world
>and connected!
>
>What would be your take on this debate?
>Ivan


