[Agenda] [Examples] [Network Partitioning] [Concepts] [Policy] [Process] [Organization] [HW-SW] [Cases studies] [Conclusion] [Resources]
[first slide] Analysis [previous slide] [next slide]
* What the analysis shows up:
o A trainee sniffs the network and gets all mailboxes passwords
o (1) The trainee doesn't need access to the mail server

o A subcontractor shuts down all the 300 WNT servers with a DoS
o (2) The subcontractor needed access to only 6 WNT servers to perform his job

o Employees look at web site of a subsidiary in another country
o (3) Employees of one country didn't need access to the others countries subsidiaries web servers

o Someone hacked the bank wire transfers
o (4) Nobody needed to be able to connect from the place where the hacker was to the database server

o A cooperative partner steals the specifications of version N+1
o (5) The cooperative partner should not have access to that part of the database

HSC ® © Hervé Schauer Consultants December 1999 - 142, rue de Rivoli - F-75001 Paris - France
Phone: +33 141 409 700 - Fax: +33 141 409 709 - Email: <secretariat@hsc.fr>
- Page 6 -