>"The best defense is to offense"
>How do we incorparate this into the internet security/firewalls?
That was what I was getting at with my reference from Sun
Tzu(*) earlier. One workable approach would be for security folks
to invest a little time in gathering intelligence about the cracker
community. For one, most of them like to maintain a degree of
anonymity. That means that it should be pretty easy to pose as a
cracker and start getting in on the ground floor of some of their
tricks. Drain 'em dry -- then call the Secret Service. :)
Doing this could be time consuming, but the fact of the
matter is that there are more right-minded folks on the internet
than not. We outnumber them many to one. Posing as a cracker
might be an amusing "field trip" though frankly from what I've
seen of most of their abilities we're NOT talking big game hunting...
Us security guys are often accused of being professional
paranoids. For a rather surreal story about excessive paranoia
that somewhat applies to internet hackers, I heartily recommend
G.K. Chesterton's "The man who was thursday."
(* one of the fathers of modern computer security) :)