RE: What constitutes authorized server access? - was Re: RPAT - Realtime Proxy Abuse Triangulation
From: Rob Shein <shoten(at)starpower.net>
Date: Tue Dec 31 2002 - 10:45:18 EST
Let's consider a Best Buy or similar retailer. They have doors in front, doors in the side, doors in back. The doors in the front are clearly set up for the intended purpose of allowing the general public to enter. However, that doesn't make it legal for them to shoplift; in fact, if 10 people enter and one of them intends to shoplift, that one person has committed a crime merely by entering (unlawful entry) while the others are valued customers. This is much like a web server, set up with information that is oriented for the general unknown public, but the presence of which does not make hacking "fair game" against it.

They have doors on the side, for purposes of emergency exit. These are locked from the outside and labeled clearly on the inside as to their purpose, with the warning that they not be used for any other purpose. If they happen to have a malfunctioning lock on one of those, does that make it legal for anyone to just come inside after hours, or for someone to take merchandise and exit through them without paying for it? Nope.

Finally, there are the doors in the back, the loading dock and receiving area. These are in use during business hours, and additional hours as well. True, they are doors in the same building as the doors in front; this is a building the general public is supposed to enter. But does that make it ok for people to just walk into the back warehouse? Nope.

In the "real" world, the notion of "acceptable entry" is conditional not upon the place being entered, but the intent of the person entering and whether they have been permitted to enter. It's more granular than just yes or no to the entire facility/area.

And so it is with networks. Allowing SNMP access through your firewall is no different than screwing up and forgetting to lock the back/side doors...it's a bad idea, it's asking for trouble, it's certain to get noticed/abused sooner or later...but it doesn't make it ok for people to take advantage of it.
Received on Thu Jan 2 12:15:43 2003