re: Wireless and internal attacks

From: H C (keydet89@yahoo.com)
Date: 07/18/02 

Date: Thu, 18 Jul 2002 11:31:11 -0700 (PDT)
From: H C <keydet89@yahoo.com>
To: security-basics@securityfocus.com

I'll provide my input regarding the internal
attacks...

> Also, it's all good protecting your network from
outside
> attacks, but what about internal attacks? I would
> assume one must be more cunning when attempting to
> prevent internal compromises!

More cunning? Not at all. What you need to do is
simply an extension of the same basic principles as
what you do to protect from outside attacks. Of
course, other issues come into play, b/c many internal
networks are quite large...and more importantly,
they're already entrenched. Therefore you have to
overcome political (fiefdoms) obstacles, in addition
to budgetary, in many cases.

However, look at the basic things you'd do for outside
attacks. You want to be minimalistic...run and/or
provide access to only those services you require.
Don't need Gopher? Get rid of it! If you do need to
run a particular service, configure it securely and
monitor it. For example, I've seen IIS servers
supporting intranets...unpatched, w/ all of the
default script mappings enabled.

User rights, strong passwords...all that stuff
applies. If you find something that needs to be done
and you feel strongly about it...and you are told you
can't do it, get it in writing. That's why email is
such a good resource...most folks will respond to an
email, which you can then save and even print out as a
CYA.

Anyway, the point is that there really is no
difference in the basic principles you need to follow.
 The implementations may be different, and what you
can actually implement may be different (based on
infrastructure, policies, etc.).

HTH

__________________________________________________
Do You Yahoo!?
Yahoo! Autos - Get free new car price quotes
http://autos.yahoo.com