Several of us have been discussing in a thread at the Security Catalyst
Community Forums,
and we all have differing opinions on what constitutes an "insider
threat." In my opinion an insider threat is a party who has the
capability and intention of exploiting a vulnerability in an asset. An
example "what if" somebody brought up was this:
Does your CFO carry a copy of the books on a USB so they can do work
at home? If so, is it attached to their keychain, and do they ever
use valet parking or get their car serviced?
The threat here then is whoever finds that USB key or the kid parking
cars at the valet. The CFO carrying around financial information with
him all the time would constitute a vulnerability, not a threat.
Should we consider accidental policy violations as threats? I know many
of the statistics that report 80% of all attacks are because of
insiders. Sounds more like marketing FUD to me, to get you to buy some
product. Often that statistic includes incidents where an employee would
try and access the SecurityFocus website and WebSense returns
"inappropriate - hacking."
Posted by Marcin on Wednesday, February 21, 2007 in
Security.
`SP 800-94 <http://csrc.nist.gov/publications/nistpubs/#sp800-94>`_,
*Guide to Intrusion Detection and Prevention Systems (IDPS)*, seeks to
assist organizations in understanding intrusion detection system and
intrusion prevention system technologies and in designing, implementing,
configuring, securing, monitoring, and maintaining intrusion detection
and prevention system (IDPS) solutions. It provides practical,
real-world guidance for each of four classes of IDPS products:
network-based, wireless, network behavior analysis software, and
host-based. The publication also provides an overview of complementary
technologies that can detect intrusions, such as security information
and event management software. It focuses on enterprise IDPS solutions,
but most of the information in the publication is also applicable to
standalone and small-scale IDPS deployments. This publication replaces
NIST SP 800-31, Intrusion Detection Systems.
Posted by Marcin on Wednesday, February 21, 2007 in
Security.
I have been getting just as furious as paperghost lately over the whole
Julie Amero case. By now you've all heard about it, a substitute teacher
was surfing the internet and then bombarded with porn advertisements she
couldn't get away from. People debate her initial reactions and the
woulda/coulda/shoulda's. I think she just panicked and didn't know what
to do, and when people panic, they don't always think straight or
rationally. She could have "pulled the plug," or "thrown her coat over
the monitor" or something stupidly ridiculous like that... Or she was
just trying to close all the pop ups like so many of us are accustomed
to. Who the hell knows?
My point about this entire incident, is her actual criminal offense,
convicted on 4 counts of "risk of injury to a minor." What risk of
injury to a minor?! Are you kidding me? These were seventh graders, who
have been secretly browsing their father's Playboys, Hustler tapes, and
going to sites like sex.com when their parents aren't around. How do I
know, you ask? I was once a seventh grader and I had many other friends
who did one of the three above. Let's not be hypocrites here now, don't
tell me you never were "curious" and clicked on 18+ when you weren't.
There were no injuries, and no risk of injuries, especially to a minor.
Give me a f-ing break!
Laws in America need to be revised, and if people haven't seen that yet
with this case, I am beginning to lose all hope.
Posted by Marcin on Friday, February 16, 2007 in
News and
Politics.
Spam sucks. Why do spammers have to ruin every communication medium out
there? Postal mail, email, popups, malware/spyware, and now comment
spam. LonerVamp over at terminal23 has
noticed an increase in spam on his blog as well. I had used Akismet to
help combat spam, but my host is currently not allowing outbound
requests on port 80, so my site cannot contact the Akismet server. Thus,
until I figure out with them how to mitigate this, I am going to have to
moderate all comments before they are posted.
Posted by Marcin on Thursday, February 15, 2007 in
Privacy and
Security.
It's out, Issue 1.10.
- Microsoft Windows Vista: significant security improvement?
- Review: GFI Endpoint Security 3
- Interview with Edward Gibson, Chief Security Advisor at Microsoft UK
- Top 10 spyware of 2006
- The spam problem and open source filtering solutions
- Office 2007: new format and new protection/security policy
- Wardriving in Paris
- Interview with Joanna Rutkowska, security researcher
- Climbing the security career mountain: how to get more than just a job
- RSA Conference 2007 report
- ROT13 is used in Windows? You're joking!
- Data security beyond PCI compliance - protecting sensitive data in a distributed environment
Posted by Marcin on Wednesday, February 14, 2007 in
Security.