From owner-freebsd-chat Sun Mar 28 4:46:53 1999 Delivered-To: freebsd-chat@freebsd.org Received: from srv1.thuntek.net (srv1.thuntek.net [206.206.98.18]) by hub.freebsd.org (Postfix) with ESMTP id E94FF15285 for ; Sun, 28 Mar 1999 04:46:25 -0800 (PST) (envelope-from dwilde1@thuntek.net) Received: from thuntek.net (abq-072.thuntek.net [207.66.52.72]) by srv1.thuntek.net (8.9.1/8.6.12TNT1.0) with ESMTP id FAA26380; Sun, 28 Mar 1999 05:46:01 -0700 (MST) Message-ID: <36FE2400.76272225@thuntek.net> Date: Sun, 28 Mar 1999 05:43:44 -0700 From: Donald Wilde X-Mailer: Mozilla 4.08 [en] (X11; I; FreeBSD 3.1-STABLE i386) MIME-Version: 1.0 To: Brad Benson Cc: freebsd-chat@FreeBSD.ORG Subject: Re: Working in the IT Field - Trials and Tribulations References: <000001be78e9$294a4980$6400a8c0@BillyJoeBob> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-chat@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Brad Benson wrote: > > > On Fri, Mar 26, 1999 at 12:07:03AM -0500, Brad Benson wrote: > > > You said before the network isn't connected to the Internet. If it's a > > > closed system you shouldn't have to worry a lot about your > > security on the > > > NT box. Unless you have some skilled and disgruntled employees. > > I would make > > > > What's that statistic again about the percentage of security incidents > > that come from the inside? > > I don't know about the statistics. I can say that the biggest security > issues I've had, in the companies I've done work for, had little to do with > the OS. Employees working on these closed networks often take security as a > joke. I can't count the times I've gone into a company where most employees > new the root or admin password. I used to do a lot of work with NetWare and > it was even worse. People would setup a network and just give every user > supervisory rights. It doesn't matter how tight the OS is if everyone has > the password, or no one setup the security right in the first place. I'd put > money on the fact that any statistic on internal security has a lot to do > with this type of problem. > I've worked at companies that _were_ connected to the Internet where the CEO insisted we take passwords _off_ all the W95 clients so he could do his employees' work himself or snoop theirs. One wanted to kill the server passwords, too, but I drew the line... =8-O Actually, SOftware magazine had a security article a while back ( ~9 months ) and I think the percentage was around 90% for _internal_ sabotage. CEO's don't like to know there are ramifications for screwing their employees. -- Donald Wilde "Bringing the Internet to everyone!" Wilde Media 1380 Rio Rancho Blvd. SE #117 voice: 505-771-0709 Rio Rancho, New Mexico 87124 e-mail: dwilde1@thuntek.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message