On Nov 29, 2007, at 1:39 PM, Tracy R Reed wrote:
I have heard this a lot but I have never run into an inside job situation in all of my time as a sysadmin.
You've never run into an inside job situation *that you know of.* How do you know that the secretary who knew the sales guy's CRM password didn't dump a whole list of leads and give them to a competitor she met at the gym for some cash?
What about the employee who sat down at the HR person's desk and looked up everyone's salaries?
No, the number of instances of some administrative assistant coming in and prodding server ports until he found that exploitable IMAP daemon that let him root a server and install a botnet are probably few and far between (that sort of behavior is best left to disgruntled IT employees). But there are lots of smaller security breaches that occur all the time from inside people, and that's where the statistics come from.
-- Joshua Penix http://www.binarytribe.com Binary Tribe Linux Integration Services & Network Consulting -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
