VaultNetwork.net Vault Network Boards
Author Topic: If someone wanted to steal sensitive information from your workplace, how easy would it be? [Locked]
Immortal_Haze  2 stars
Posts: 498
Registered: 2002-1-31 17:54:09
Ordal posted:

Immortal_Haze posted:

Depends on the information they're trying to acquire.



let's assume it's the most sensitive information available on an important upcoming or current project.



I'd never say impossible, but VERY difficult. I think there'd have to be some link to someone with the access.

At my first job out of college, I met a security guy working for the DoD whose job was to infiltrate Army areas, grab really sensitive data and then make a report about the steps he went through. He said he'd go into highly classified exercises, pretend to be a civilian technician or something, get Army guys to log in for him and he'd download craploads of stuff and bounce out lol. Pretty interesting stuff.

 

-----signature-----

"Those who have long enjoyed such privileges as we
enjoy forget in time that men have died to win them." FDR
Arch_Magi  3 stars
Title: The Lord of Chaos
Posts: 827
Registered: 2002-10-31 14:31:20
Ordal posted:

Arch_Magi posted:

If the someone is me, VERY easy.

If it was someone else in the company, moderately hard.

If it was someone outside the company, fairly difficult.

Anything that gets thrown out that is on paper gets cross-cut shredded. We don't hand out ANY information over the phone and emails are pretty well regulated as well. No vendor comes into our place unescorted and they are watched.



Do you ever have PEN tests or whatever they call them? Security testing? If so, how does that generally go? My impression is that they always always always get through whatever security is in place.



Penetration Tests?

Yes, every couple years. We go the "black box" route, which is the best way, IMO.

And yes, no system, aside from having your network in a Faraday cage and not hooked to the net, is perfect. It's a lot like fireproof ratings on a safe. They all eventually fail, it's just the amount of time before it does.
Steelwind_Oo  4 stars
Title: Lurking Oo
Posts: 1,789
Registered: 2000-9-30 10:26:30
Gaevren posted:

Ridiculously easy.

Yup, I have been preaching data security for years now and now that I'm doing PCI compliance they all act friggin surprised when all the crap I have been telling them for like ten years is required and suddenly they have to do it before they can get signed off.

 

-----signature-----
'God is an imaginary friend for grownups.', Walter Crewes (Morgan Freeman), The Big Bounce
Don't be afraid to ask dumb questions they're easier to handle than dumb mistakes!
Xbox 360 Gamer Tag: SteelwindOo
e93% a53% s33% k13%
jonus156  3 stars
Posts: 906
Registered: 2005-10-12 11:53:45
And now it would be hard, I just sent my notebook through the paper shredder.

 

-----signature-----
This thread begs the question: do the "women" of ACF use a funnel to get that much sand in their vagina or do they just slide around the beach like an angry Roomba? -deadcactus-
"I could go for some cock"--cute_but_stupid
Aethelgrin  1 star
Posts: 198
Registered: 2001-12-20 11:30:54
Yeah...there's no such thing where I work. What do you want to know?

 

-----signature-----
"It's not your welcome. You don't have a welcome. It's, "you are welcome." - Malik_Gynax
"My welcome! MINE!!" - .Sylva.
"I thought men had belly buttons and women had vagina's instead" - Element_X
Terminius_Est  3 stars
Title: Moon River
Posts: 894
Registered: 2002-2-27 06:08:05
First you'd need to get in the office somehow. That's probably not too hard but you'd need to bamboozle somebody into letting you in without a badge.

Then you'd need to find a computer that's not being used in an empty office. That's not too hard either but if somebody notices a stranger messing around with a computer, you might get confronted.

If you know what you're doing and are prepared, you could boot up the computer off of a memory stick and get it to boot up with you as the administrator.

After that, you can find out a lot because usernames and some data are on the PCs. No data or usernames are on the Linux workstations though; it will take more work, but once you're in, we can't keep you out.

You can't keep a really knowledgeable determined person out of any system. You can just throw up a lot of roadblocks to slow him down.

 

-----signature-----
There is no emotion, there is peace. There is no ignorance, there is knowledge.
There is no passion, there is serenity. There is no chaos, there is harmony.
There is no death, there is the FORCE.
Sci/Fi Bookshelf http://tinyurl.com/2z8u9h
Ordal  2 stars
Posts: 250
Registered: 2001-5-24 12:51:34
Terminius_Est posted:

First you'd need to get in the office somehow. That's probably not too hard but you'd need to bamboozle somebody into letting you in without a badge.

Then you'd need to find a computer that's not being used in an empty office. That's not too hard either but if somebody notices a stranger messing around with a computer, you might get confronted.

If you know what you're doing and are prepared, you could boot up the computer off of a memory stick and get it to boot up with you as the administrator.

After that, you can find out a lot because usernames and some data are on the PCs. No data or usernames are on the Linux workstations though; it will take more work, but once you're in, we can't keep you out.

You can't keep a really knowledgeable determined person out of any system. You can just throw up a lot of roadblocks to slow him down.



So basically someone would just need to come at night and con one of the janitorial staff lol

 

-----signature-----
|^^^^^^^^^^^ ||______
| 7.16 ACF'05 | ||'""|""_,
| _____________ l ||__|__|___|)
|(@(@)""""""""**|(@)(@)***|(@)
Immortal_Haze  2 stars
Posts: 498
Registered: 2002-1-31 17:54:09
Ordal posted:

So basically someone would just need to come at night and con one of the janitorial staff lol



Social engineering is one of the most dangerous risks to sensitive systems. Even on closed systems, you can't protect against stupid decisions from people that have access to those systems.

 

-----signature-----

"Those who have long enjoyed such privileges as we
enjoy forget in time that men have died to win them." FDR
Tai-Daishar_MT  2 stars
Title: Moderator
Troll Eradicator

Posts: 469
Registered: 2000-3-9 15:14:13
Gaevren posted:

Ridiculously easy.



This, and considering what I do and the material available, this should concern people quite a bit.

 

-----signature-----
Fare thee well VN, Vini, Vidi, Vici!
-Ducky-  3 stars
Posts: 580
Registered: 2001-6-1 14:21:49
Easy. Everything is public record. They just have to ask for it.

 

-----signature-----
Love is better than anger. Hope is better than fear. Optimism is better than despair.
So let us be loving, hopeful and optimistic. And we’ll change the world. ~ Jack Layton
