The Tuesday 2005-01-25 at 00:11 +0100, Theo v. Werkhoven wrote:
It's an average figure I picked up from books on Firewalls and other stuff on network security I read. It doesn't neccessary mean that /every/ network has 75% of the problems coming from the inside.
Although, if you count in the problems arising from leaky Windows boxes inside an average network, I wouldn't be surprises if that figure was even bigger.
I was told an anecdote yesterday. Imagine a Call Center for a telephone and internet provider (name censored). The chaps answering the phone (usually underpaid) are given a post with a windows nt machine of some kind, quite limited, with security in mind. But nights are long and boring... so, one of them gets a password retriever program. Hey, presto, he gets the admin passwords of his machine, and as a bonus, of the main servers - I don't know the details of how he did it. Of course, being an honest chap, he only used it to give himself a few more privileges, like using messenger or something :-p One day, the administrator was boasting of the security of his setup over a coffee. You can imagine the face he put when the chap on the next seat, a lowly clerk, tells him what _his_ administrator password was on the room main server :-p Needless to say, they just covered it up silently. Nobody was interested in it being known ;-) -- Cheers, Carlos Robinson