Showing Need for Security - Eye Popping Examples wanted

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: George Toft
Date:  
Subject: Showing Need for Security - Eye Popping Examples wanted
>From a nice, credible source that pointy-hairs can appreciate:

"But, says Brill, in his experience computer security problems involve
someone inside the corporation about 90 percent of the time; FBI
estimates peg the figure at 85 percent."

"If you think the greatest threat to information security comes from the
outside--competitors, hackers or
viruses--think again. Those external threats will only distract you from
the dangers you face from inside your own organization."

http://www.cio.com/archive/061596/security_content.html
June 15, 1996 Issue of CIO Magazine

Regards,

George




Tony Wasson wrote:
>
> > Trick 1. Stick a Knoppix CD in, reboot, run ethereal on the same LAN
> > segment as the CSR's.
> >
> > Trick 2. If you are using a switch, flood the switch into failing - it
> > becomes a hub. Snoop away.
> >
> > Trick 3. Make sure you have written permission, signed by the highest
> > ranking officer of the company you can find before you do anything like
> > this.
>
> My guess is that my audience doesn't know the difference between a hub and a
> switch. Is capturing packets going to impress them? Maybe if it were
> capturing passwords??? Like the dsniff tools just catching passwords. This
> isn't an in office demonstration, so I shouldn't need any waivers, but
> thanks for the legal advice.
>
> > A 1997 study released by the FBI showed 15% of the security problems
> > came from Internet "Hackers," 15% from contractos and 70% from
> > employees. 85% of the problems came from inside the walls.
> > Unfortunately, 85% of the effort (for most companies) goes to blocking
> > the 15%.
>
> These are the numbers I am trying to impress - the threat already sits at a
> computer and gets a check on payday.
>
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
>
> PLUG-discuss mailing list -
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss