[LINK] FBI targets suspects' pcs with spy virus
Fri, 23 Nov 2001 17:00:16 +1000 (EST)
On 23 Nov, Chirgwin, Richard wrote:
> As an aside to this, it surprises me that there's far less discussion of
> system-level trust in the security/privacy debate.
> For example, there are plenty of situations where the easiest way to
> compromise systems is inside the boxes rather than outside (remembering that
> unauthorised access is most commonly an inside job).
Sigh - internal security (and internal security threats such as
disgruntled employees, contractors etc) is at least as big a problem as
external security threats. Unfortunately, because such problems are
frequently hushed up, there are no terribly reliable statistics on this
(or for that matter aboutr external security compromises).
When talking about internal security with customers, I always stress...
1) Technical issues are easy - people issues are difficult.
One effect of this is that if staff are not involved in so that
they feel they 'own' the security policy and the policy ends up
making their lives difficult (likely), they will spend time finding
ways to circumvent this. On one site I dealt with, this lead to a
laptop user dialing out to their ISP connection whilst still
connected to the internal LAN!
2) Physical security is as important as electronic security. I dealt
with one (ASX listed) company had its servers in the open office
area, accessible to anyone!
Robert Hart firstname.lastname@example.org
Strategic IT & open source consulting +61 (0)438 385 533
Brisbane, Australia http://www.interweft.com.au