On Tue, 29 Apr 1997, Darren Reed wrote:
> Hmmm, I still haven't seen a good anology to port scanning.
Perhaps we need to completely drop the analogies and look at computer
security issues in their own terms, then look at how to address
generalised issues related to the intent and effect of such actions.
With regard to the latter, the type of questions I'd be asking are:
1) Did the person intend or cause data to be accessed by unauthorised
2) Did the person intend or cause data to be modified (including deletion)
by unauthorised persons.
3) Did the person intend or cause denial of service to authorised users ?
We may never really know a person's intentions, but we should have some
idea about the effects of their actions with the right tools, procedures
and people in place.