List: firewalls-gc
Subject: Re: Pilot Network Services
From: Julian Assange <proff () suburbia ! net>
Date: 1996-06-25 7:43:57
>
> At 04:28 PM 6/20/96 -0700, Bill Stout allegedly wrote:
>
>
> Specifically, the report contains the statements which appear to
> be contradictory.
>
> "Over 50% reported incidents on their internal networks and almost
> 40% reported frequent incidents on their remote dial-in and Internet
> connections. These results tear at the "conventional wisdom" that
> 80% of the information security problem is due to insiders (i.e.
> disgruntled or dishonest employees, contractors, etc.)."
>
> - from the 1996 CSI/FBI Computer Crime and Security Survey
>
> Actually, the statements aren't contradictory.
>
> The graphics chart on page 5 clarifies this. Under the heading
> "Networks are being probed from all access points", those surveyed
> were asked to respond to the multiple choice question. The breakdown
> of this as follows:
>
> Internal Systems: 53.5%
> Remote Dial-in 39.4%
> Internet 37.5%
>
A flawed and useless study. When will these people find some academic
and statistical rigor? The above figures are useless without error
margins. Having digits after the decimal point implies an error margin
less than 0.05%. In a field like this, I am confident such a figure is
one of sheer deception. I suspect strongly that the error margin in this
sort of study approximates +-49.9%.
Let us examine the key words.
1) "reported incidents".
This implies DETECTED. Undetected incidences we obviously have no
information about. Now, where will intrusion detection systems (that
includes security staff) be most strongly keyed for? Internal access?
Hardly. Logging and analysing a major company gateway is possible, if
very intensive. For topological and traffic volume reasons, identical
monitoring of internal traffic is completely impractical.
Now let us look at the "reported" component of this phrase. Reported to
*whom*? The quote does not directly state the answer, but I will presume
the entity is either the FBI or CERT. Which are more likely to be
reported to an *outside* agency? Inside or *outside* attacks? I think
the answer is disgustingly clear.
2) "those surveyed"
How were "those" chosen? On the basis of past contact with
CERT/FBI? Random telephone calls? Fortune 500 index? Yellow pages?
Subscribers of a mailing list? Conference attendees?
3) "were asked to respond"
*asked* to respond. Not legally forced to respond. If half of those who
were asked to respond did not respond the error margin immediately jumps
to +-25%, because some or all of the entities who were surveyed and did
not respond may have elected that course for reasons related to the
nature of the survey.
Remember the final error margin is the compound of all error margins
along the way.
The writers of the report concerned (not forgetting the designers of the
amazing "it must be true because we managed to turn it into a picture"
CHART) are quite simply incompetent morons, or intending to deceive, and in
either event should be severely reprimanded.
--
"Of all tyrannies a tyranny sincerely exercised for the good of its victims
may be the most oppressive. It may be better to live under robber barons
than under omnipotent moral busybodies. The robber baron's cruelty may
sometimes sleep, his cupidity may at some point be satiated; but those who
torment us for our own good will torment us without end, for they do so with
the approval of their own conscience." - C.S. Lewis, _God in the Dock_
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union |
|proff@suburbia.net | VIC 3122 AUSTRALIA | finger for PGP key hash ID = |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+