> I think it all boils down to this; our cultural association
> with this sort of technology is only just beginning.
> Everything is essentially having to be learned from scratch
> by everyone who gets into it even just a little bit.

I don't know. I would agree that this is the case for things like recent/current MCSEs, but Unix admins had this all down pat years ago. Of course, 'zero knowledge administration breeds zero knowledge administrators'; re: NTFS alternate data streams, etc. I teach a 2-day, hands-on incident response course for NT/2K. I've had folks ask me during the course, "why would someone want to break into my computer??"

> It's going to take a while before these manners of thinking
> have gotten into the popular culture enough to do any good.

I agree, but I don't see why. As a security consultant, I have been reporting this to clients for years. When I was a security manager, I tried to get folks to change their manner of thinking sooner rather than later.

> It's starting for sure, people, not even computer geeks, can
> be overheard talking about hacking and crashes and such.
> So people are by and large becoming more aware of it.

However, they're doing so via the media, and that's not a "Good Thing". I'm on several listservers and recently saw an email where a port scan for a default trojan port was described both as a 'ping' (entirely different beast) and an attempt to "drop a trojan on his PC". Remember the telephone game? Well, consider this game being played by using a media article on 'hacking' as its source...it quickly gets blown out of proportion.

Not that I'm complaining...to be honest, such miscommunications and misinformation should be good for the security consulting industry...but it's not. For all the talk you hear around the proverbial water cooler about 'hacking', organizations aren't hiring for the most part, and they also aren't contracting work out.

> I got a callout from a company that had been hacked
> and their internet access taken down for two business days.
> Because their 'official' admins hadn't been checking logs.
> Or hadn't been aware of what they were seeing.

Which takes us back to the original issue...how can you put a price tag on security, or compute ROI, in a situation like that? What was the 'hack' (you didn't mention the company name, which was good...thought I'd ask what happened)? Did it require two days of downtime? Could it have been prevented? In the aftermath, was there anything useful in the logs?

> Their general manager was absolutely distraught.
> They *sure* became aware of how hacking can impact one's
> business life, and she now has a nice horror story to
> tell as well. Word gets about, people learn. It takes time tho.

Unfortunately, in situations like this, *most* folks demonize the 'hacker', rather than address the real issue...which is, what was so wrong with our processes that this happened? If any changes are made, just wait 6 months...complacency will set in again.

This archive was generated by hypermail 2b30 : Wed Feb 20 2002 - 06:41:56 PST