Security Event / Customer Reporting

From: Tyrannis Von Nettesheim (tyrannisat_private)
Date: Fri Jul 13 2001 - 08:57:40 PDT

Next message: Bojan Zdrnja: "RE: strange qmail actions"

Previous message: MrG: "SMTP server (How can I find out the real source of an attack)"
Next in thread: Nick FitzGerald: "Re: Security Event / Customer Reporting"
Reply: Nick FitzGerald: "Re: Security Event / Customer Reporting"
Reply: ethan preston: "Re: Security Event / Customer Reporting"
Reply: Aaron Silver: "Re: Security Event / Customer Reporting"
Reply: JohnNicholsonat_private: "Re: Security Event / Customer Reporting"
Reply: ethan preston: "Re: Security Event / Customer Reporting"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Folks:

From the battlefield trenches of dealing with the constant ebb and flow of
residential customers compromised generally due to the expected holes in
Microsoft products, I have yet to get myself or hear of a request from any
entity (with the exception of legitimate, authorized government
investigators) for forensic data analysis from their own "home" networks.

In a recent posting here, I read an opinion that people should be prepared
to provide this.

This is absolutely abhorrent, and leads us all down the slippery slope of an
Orwellian society.

Customers, unless engaged in financial business or other business with
regulatory requirements, should not be ever subjected to anything near a
requirement to store their own data, or be prepared to provide historical
data. At the surface, this violates privacy concerns. Deeper under the
surface, it would make security professionals de-facto extensions of law
enforcement in a very unregulated way. This immediately makes one think of
government "strong-arming" a security professional into providing data, but
this works the other way too - where a well-intentioned, but overzealous
security engineer discloses confidential data improperly or commits a
procedural error that leaves an employer exposed legally. This is why we
have courts, judges, magistrates, search warrants, process, and procedure,
to ensure that requests for confidential data and privacy intrusions are
well-formed and within the bounds of current law.

Stepping above the day-to-day techie mindset we're in, it's interesting to
consider the question of : "Who owns a packet once it's off your network?".
Current US law seems to view examining transit traffic like radio
interception - a no-no, for the most part. There's also the huge issue of
how to prove / maintain a chain-of-evidence, yet another slippery slope in
the digital crime era. =(

-T




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

"...Far better is it to dare mighty things, to win glorious triumphs
even though checkered by failure than to take rank with those
poor spirits who neither enjoy much nor suffer much because they
live in the gray twilight that knows neither victory nor defeat..."

				-Theodore Roosevelt, 1899.




----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com

Next message: Bojan Zdrnja: "RE: strange qmail actions"
Previous message: MrG: "SMTP server (How can I find out the real source of an attack)"
Next in thread: Nick FitzGerald: "Re: Security Event / Customer Reporting"
Reply: Nick FitzGerald: "Re: Security Event / Customer Reporting"
Reply: ethan preston: "Re: Security Event / Customer Reporting"
Reply: Aaron Silver: "Re: Security Event / Customer Reporting"
Reply: JohnNicholsonat_private: "Re: Security Event / Customer Reporting"
Reply: ethan preston: "Re: Security Event / Customer Reporting"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jul 13 2001 - 15:24:53 PDT