 
 From:  Richard Morrell <dick at dickmorrell dot com>
 To:  Mark Spieth <mspieth at neod dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Feature request which would make m0n0wall even better ;)
 Date:  Tue, 27 Jan 2004 19:38:49 +0000
Mark Spieth wrote:

>>>In a home network, having everything in one box isn't as risky.  For one
>>>thing, home networks aren't "juicy" targets like company networks are.
>
>This is an extremely incorrect statement. In fact, most script kiddies
>(which comprise most of the hacking attempts) do huge scans on network
>addresses they have no idea who they are hacking, and would hack a home
>machine first, you are less likely to get caught or even have the end
>user know the system was compromised. Once the home machine is hacked
>they will then use it to go after other systems.

Let me give you a live example. Earlier this year I was contracted by a 
Florida-based bank to audit their security. They had spent hundreds of 
thousands of dollars on firewall technology, VPN roaming clients and 
even iris scanning technology in their office complexes in Boca, Miami 
and Port Everglade.

One of my UK engineers who worked with me on the contract was able to 
dump bank transaction information, lease car details and fuel card 
expense reports on the desk of the CIO within two days of doing the 
sweep. How? By following a VP home who was a wifi fanatic and launching 
an attack on the corporate network via his home trusted VPN connection.

So... no such thing as security. Any corporate granting remote access 
via any firewall technology or VPN gateway has no rights to restrict the 
freedom of the individual - e.g. you can't stop your staff going to eBay 
and buying a Netgear WiFi AP and you can't stop them misconfiguring that 
technology. With 54g technology the spread is scary too. My local vicar 
lives a 1/4 of a mile from my home. From my laptop sat here watching TV 
I can tell you his ESSID is "huffy" and that he has two Dell machines on 
a home network and an Epson Stylus printer and that he likes some strange 
MSN groups and sits most of the day on news.bbc.co.uk.

Scary isn't it...

Dick