wind unites Karim al Nami's style


Norm Stys-Mullican
August 23rd 07, 03:44 AM
The smaller site had two security incidents within the first three hours.

Two different format (Microsoft Access DB, Excel spreadsheet) copies of
employee social security numbers and other personal personnel information
flew out of the smaller site's Internet connection.

Internet firewalls have no protection against file transfer via email.
Yet companies often disallow FTP, another command for transferring files.

ALL email is transferred as a file.

My two managers shook their heads at people being so stupid as to mail
company confidential information over the Internet in the clear.

Their security rule was "Don't send it out over the Internet unless it's
okay to read about in the next day's paper."

The transmissions included the managers' social security numbers too.

For non-U.S. people: a de facto key for accessing all of one's personal records.


And why did I create and turn on email monitoring at that site?

Well, those business magazines for the computer industry like to sell big
screaming "Internet Security: the Sky is Falling!!!" covers now and then.

So, one triggered the Chairman to start making strange noises about shutting
down the Internet connection for security reasons. Also said something about
having email printed out at the Internet system and hand-delivered.

Now THAT scared the hell out of the rest of us, from geeks to managers, so,
being the hired gun for doing Internet security, I created some capture code.
All email in and out of the firm was now being copied to a 's