First page Back Continue Last page Summary Graphics
Response | Assessments cont’d
Dial-in
- Includes a war-dialer to detect modems connected to trusted LAN, Servers, or workstations
- Execute during the day and at off-hours (unannounced) to detect modems turned on by employees when they want to work from home
- Three steps: find, identify, penetrate
- Be certain to check digital lines such as IDSN, DSL
Internal
- FBI study showed 75-80% of all [detected] attacks came from the inside...
- An uncertain risk: are companies responsible when their employees [or others] use company resources to attack other computer systems?
- May include developing profiles of normal employee use
- Is it really trusted employee Bob logging in at 10:30PM, or a member of the cleaning crew using Bob’s username and password?
- Why is Dilbert accessing the HR DB through remote access?