Showing Need for Security - Eye Popping Examples wanted

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Tony Wasson
Date:  
Subject: Showing Need for Security - Eye Popping Examples wanted
> Trick 1. Stick a Knoppix CD in, reboot, run ethereal on the same LAN
> segment as the CSR's.
>
> Trick 2. If you are using a switch, flood the switch into failing - it
> becomes a hub. Snoop away.
>
> Trick 3. Make sure you have written permission, signed by the highest
> ranking officer of the company you can find before you do anything like
> this.


My guess is that my audience doesn't know the difference between a hub and a
switch. Is capturing packets going to impress them? Maybe if it were
capturing passwords??? Like the dsniff tools just catching passwords. This
isn't an in office demonstration, so I shouldn't need any waivers, but
thanks for the legal advice.

> A 1997 study released by the FBI showed 15% of the security problems
> came from Internet "Hackers," 15% from contractos and 70% from
> employees. 85% of the problems came from inside the walls.
> Unfortunately, 85% of the effort (for most companies) goes to blocking
> the 15%.


These are the numbers I am trying to impress - the threat already sits at a
computer and gets a check on payday.