[Dshield] Secure computing (was: Port 135)

Lauro, John jlauro at umflint.edu
Tue Oct 29 19:26:31 GMT 2002

> > A hack from the outside will often be easier to detect
> > and less likely to alter sensitive data, compared to
> > if someone internally hacks you.
> Ummm.... How is that?  Unless you're running Tripwire or something
> similar,
> you have to go manually dig up compromised data and *notice* that
> something
> is off.  This applies whether the hacker was inside or outside.  I
think I
> sort of get what you're saying, but can you clarify for the sake of
> discussion?

If it's internal, the person is more likely to make a minor change or
steal some data and not do anything else that would be noticed.  If
it's external, they are less likely to stop at something minor and
difficult to detect.  They might let it sit for a number of months to
see if anyone has noticed them, but they will not leave it untouched.
(assuming the attack was at a random target and not directed at your
site specifically).  An external intruder will either make very
visable changes (deface web site, etc...), or they will turn the
machine into a warez server, or join a DDOS network, all of which will
produce something large enough that is more easily noticeable.

> And what do you do about the raw volume of successful attacks you
may be
> exposing yourself to without a firewall vs. with?

According to the vendors, their products are secure...  So there
should not be that many successful attacks.  ;)    (I did say I
recommended this, just as something to think about).

I am just saying...  A person breaking in from the inside could cause
far more subtle damage then a person from the outside would do.  

More information about the list mailing list