Hi Peter, my input is not an attack strategy at all. My input assumes Simbwa has successfully gotten to those lines of defense and is then faced with resolving the questions at hand.
Also, this is not the jurisdiction of the corporate sys admin we are discussing, rather that of the security admins and managers. > Davis' plan is actually flawed from the outset. > > Phillip's attack is NOT at the bank (stanbic in his example) > > The attack is at a corporate client of Stanbic's who uses stanbic's online > banking interface. > > And his attack isn't completely hypothetical. Both him and I have worked > at > one such corporate client and helped to install the said stanbic software. > And the IT security at this company was non-existent on the internal > network. > > This paragraph actually made me chuckle. Is this Uganda we're talking > about? I've done aircrack cracks on a number of corporate wireless > networks > and there's a lot of WEP and WPA1 out there. And I know many corporate > system administrators who wouldn't be able to expand a single one of the > abbreviations in this paragraph. Yes, even SSL. > > "Goodness, in the corporate world, security does not mean passwords, > actually PAP is the least secure, leverage schemes like CHAP, DIAMETER, > RADIUS, TACACS/TACACS+ yet even at the port level you have EAP, security > goes even to the physical level to leverage Quantum cryptography; PKI, > RSN, TLS/SSL, DNSsec, IPsec, PGP, etc are all there for you to use. You > have so many strategies for protection, forget the days of GSM and WEP or > even DES for that matter. At the human interface you have a range of > multi-factor authentication schemes, Biometrics is also cheap nowadays > (assume FAR is a myth, yet even if not, you could leverage the multi > factor scheme)" > > > P. > > -- > Evolution (n): A hypothetical process whereby infinitely improbable events > occur with alarming frequency, order arises from chaos, and no one is > given > credit. > _______________________________________________ > The Uganda Linux User Group: http://linux.or.ug > > Send messages to this mailing list by addressing e-mails to: > [email protected] > Mailing list archives: http://www.mail-archive.com/[email protected]/ > Mailing list settings: http://kym.net/mailman/listinfo/lug > To unsubscribe: http://kym.net/mailman/options/lug > > The Uganda LUG mailing list is generously hosted by INFOCOM: > http://www.infocom.co.ug/ > > The above comments and data are owned by whoever posted them (including > attachments if any). The mailing list host is not responsible for them in > any way. _______________________________________________ The Uganda Linux User Group: http://linux.or.ug Send messages to this mailing list by addressing e-mails to: [email protected] Mailing list archives: http://www.mail-archive.com/[email protected]/ Mailing list settings: http://kym.net/mailman/listinfo/lug To unsubscribe: http://kym.net/mailman/options/lug The Uganda LUG mailing list is generously hosted by INFOCOM: http://www.infocom.co.ug/ The above comments and data are owned by whoever posted them (including attachments if any). The mailing list host is not responsible for them in any way.
