[clug] Defence security breaches makes news at SANS
Steve Jenkin
sjenkin at canb.auug.org.au
Fri Nov 14 10:36:04 EST 2003
--Australian Defense Minister Enumerates Department Security Breaches
(10 November 2003)
Australian Defense Minister Robert Hill said that there have been three
externally launched security breaches resulting in unauthorized access
to computer systems in his department during the past three years; in
that same time period, there have been 13 internal attempts to breach
security. These attacks plus the theft of 1,600 personal computers have
raised serious concerns about security in the Australian Defense
Organization.
http://www.zdnet.com.au/printfriendly?AT=2000048600-20280750
[Editor's Note (Schultz): Figures such as these which will undoubtedly
give ammunition to those who still believe the outdated 1983 FBI
statistic that 80 percent of all attacks come from the inside. Mr.
Hill's statistics pertain to successful, not attempted attacks. A close
examination of their firewall logs would probably uncover hundreds of
externally initiated attacks for every internally initiated attack.
Nevertheless, the greatest risk is from internal sources; employees and
contractors already have access to and knowledge about systems they
attack.
(Schneier): This is useful information, but be careful of the
conclusions. The story compares apples and oranges -- successful
external attacks versus all internal attacks.
(Grefer) Only three successful external attacks in three years? Is it
possible that there were attacks that weren't detected?]
--
Steve Jenkin, Unix Sys Admin
0412 786 915 (+61 412 786 915)
PO Box 48, Kippax ACT 2615, AUSTRALIA
More information about the linux
mailing list