[plug] Trade [flame alert]

Christian christian at global.net.au
Tue Feb 29 15:12:03 WST 2000


Colin Muller wrote:
> 
> Christian wrote:
> 
> > today's internetworked world, I really don't believe that most security
> > compromises are internal.
> 
> http://www.bankinfo.com/security/CSIstatistics.html
> 
> Penetration by outsiders
> 30% in 1999
> 24% in 1998
> Internet connection as point of attack
> 57% 1999
> 37% in 1996
> Unauthorized access by insiders
> 55% in 1999
> 45% in 1998

What about the other 15%?  Or, as Rob Sitch likes to say, "55% of
WHAT?"  Also, since the Internet connection is the most popular point of
attack, how can there simultaneously be more attacks by insiders?  These
figures don't make much sense at all.  They also don't correlate at all
well with the figures cited by Steve.

All this data can only come from compromises that are discovered.  Out
of those that are discovered there are two categories: those which are
publicised and those which are not.  If a current or ex-employee misuses
a system, they are likely to get fired and criminal proceedings may
follow -- therefore this becomes something which is acknowledged.  When
an attacker from eastern Europe strikes, little is gained from
acknowledging that the compromise occurred -- in fact it will only lead
customers and users to believe that, not only are the networks
vulnerable, but they also cannot do anything about it.  Hence external
compromises that get discovered probably don't get acknowledged. 
Furthermore, it is often suggested that most compromises are never
discovered... given the fact that people try to break into my home
dialup computer about twice a week (on average), how can I seriously
believe that insiders attempt to subvert internal systems more often
than this?

Anyway, I don't really have any strong evidence or argument for my
statement but I just don't buy into the idea that most compromises are
internal.  It was probably true many years ago when there were few
access points to internal computer systems -- with the advent of the
Internet the entire world can wander into your network almost at the
touch of a button.

Regards,

Christian.


