>"The best defense is to offense"
>How do we incorparate this into the internet security/firewalls?
That was what I was getting at with my reference from Sun
Tzu(*) earlier. One workable approach would be for security folks
to invest a little time in gathering intelligence about the cracker
community. For one, most of them like to maintain a degree of
anonymity. That means that it should be pretty easy to pose as a
cracker and start getting in on the ground floor of some of their
tricks. Drain 'em dry -- then call the Secret Service. :)
Doing this could be time consuming, but the fact of the
matter is that there are more right-minded folks on the internet
than not. We outnumber them many to one. Posing as a cracker
might be an amusing "field trip" though frankly from what I've
seen of most of their abilities we're NOT talking big game hunting...
Side-track:
Us security guys are often accused of being professional
paranoids. For a rather surreal story about excessive paranoia
that somewhat applies to internet hackers, I heartily recommend
G.K. Chesterton's "The man who was thursday."
mjr.
(* one of the fathers of modern computer security) :)
|
|
