Managed Security - script kiddies

[alvin at maggie.linux-consulting.com]

On Tue, 25 Feb 2003, Paul M. Moriarty wrote:

> alvin at maggie.linux-consulting.com writes:
> > 
> ...
> > 
> > again, if we're using my dumb rules ... i run on the
> > following assumptions/requirements
> 
> Hmmm... or assuming they're script kiddies, they'll get in and say "oh shit,
> now what do i do?" ;)

almost...

i assume 80- 90% are internal attacks
	including myself - that renders a server useless for a short
	time say due to a bad patch or bad kernel etc 

	-- i worry about the "internal attacks" !!

	-- i dont mind they try once or twice or few hundred times
	( note that they get reported if they try a few hundred times )
	
	-- i do mind if they got in !!

	-- ie ... i get no "false positives"

than 10% due to script kiddies that does a lot of free testing
and free audits of your (external?) servers  and security precautions
	- i dont mind that they get in and say "now what script, what else
	can u the script) do"	-- those are harmless usually..	
		and i treat it like a wake up call to
		do more "very expensive" patch testing

last 1% or so of dedicated/purposeful attacks are beyond my brains
or lacking brains thereof and would need to hire a "real pro" 
	- mitnick-shinomura example comes to mind
	( ie no matter what you do, the other will keep trying
	( and dont forget the obvious 

which in turn leaves me to the even dumber rule, put your car/house
key in a safe place !!
	( that includes computer room keys too )

	- especially if you have visitors that come and go like a PC store
	( and yes,,, on wed or thur last week... some teenage kid walked
	( off w/ my house and car keys ... and yes i have backup keys
	( but did have to change the lock on the office and postpone a
	( meeting

	- security camera monitoring didnt help ... recording turned out 
	to be broken
		-- do NOT depend on 3rd party monitoring unless they
		are financially liable for their "monitoring ooops"
		( my silly rule )

c ya
alvin