>Actually, it occurs that in this second scenario -- a confederate of the
>baddies, perhaps a disaffected employee inside your network -- even
>authentication of outbound connections wouldn't help you: if this
>insider is `trusted' -- allowed to make outbound connections through
[...]
>..even if she has to supply the connect authentication manually (eg
>SecurId) to set the connection up. So even things like TIS's
>authentication hooks don't seem to prevent this kind of thing?
They also don't prevent her from copying the data to a floppy and
putting it in her pocket. If you can't trust your employees, you're
screwed no matter what you do. Even the military approach (background
check, access limited to need-to-know, policies enforced with guns)
doesn't always work.
/===========================================================================\
|John (Francis) Stracke | My opinions are my own. |
|InSoft, Inc. |==================================================|
|Mechanicsburg, PA | Vote for Ron, and nobody gets hurt! |
|francis @ insoft . com | --actual campaign poster from Chicago |
\===========================================================================/