Showing Need for Security - Eye Popping Examples wanted
Tony Wasson
plug-discuss@lists.plug.phoenix.az.us
Fri, 9 Aug 2002 20:04:55 -0700
> Trick 1. Stick a Knoppix CD in, reboot, run ethereal on the same LAN
> segment as the CSR's.
>
> Trick 2. If you are using a switch, flood the switch into failing - it
> becomes a hub. Snoop away.
>
> Trick 3. Make sure you have written permission, signed by the highest
> ranking officer of the company you can find before you do anything like
> this.
My guess is that my audience doesn't know the difference between a hub and a
switch. Is capturing packets going to impress them? Maybe if it were
capturing passwords??? Like the dsniff tools just catching passwords. This
isn't an in office demonstration, so I shouldn't need any waivers, but
thanks for the legal advice.
> A 1997 study released by the FBI showed 15% of the security problems
> came from Internet "Hackers," 15% from contractos and 70% from
> employees. 85% of the problems came from inside the walls.
> Unfortunately, 85% of the effort (for most companies) goes to blocking
> the 15%.
These are the numbers I am trying to impress - the threat already sits at a
computer and gets a check on payday.