[plug] Trade [flame alert]

[Christian]

russ wrote:
> Not being a sys admin or even having the slightest experience in the
> area, I'd agree that certainly on your home computer both these
> paragraphs seem true. But in companies, I thought most breaches of
> were internal?

Well, I don't really think they are.  A while back before people started
internetworking their machines the only avenue for attack was either via
dialup modem (limited) or if they already had internal access.  In
today's internetworked world, I really don't believe that most security
compromises are internal.  In the situation of a small to medium IT
department (or organisation), the access to machines (certainly at the
privileged level) should be relatively limited to trusted users.  There
can always be problems when those users leave but, I still think most
attacks come from the outside.  If the host implements some sort of
minimal intrusion detection system then you will see almost daily probe
attempts -- on systems that aren't very secure then a reasonable
percentage of these probes will be successful.  This is one reason why
DDoS is such a big problem.

Regards,

Christian.