Dealing with intruders
Slashdot has an interesting thread on dealing with network intrusion attempts. I can remember, years ago, running early versions of Snort and waiting for attacks just to study them. Now a network is hit hundreds of times a day. The general consensus seems correct - ignore them. The bulk of the hits are likely zombies/trojans/worms/scans - not much to do there. And even if it was done manually, it's likely from a cracked box. I think the only time you can really try and track someone down is if they successfully crack and harm your network.
Professor Anthony’s talk was dramatically different and showed why it was a really smart move to attach a sociologist to Dartmouth’s PKI research group. As security technologists, we’re easily dazzled by our shiny cryptographic swords. But while we’re brandishing our swords, our users — like Indiana Jones in that famous scene from Raiders of the Lost Ark — might simply pull out their guns and shoot us. Better security protocols alone can’t thwart such game-changing behavior. We need to understand what motivates the behavior and figure out which carrots and sticks will influence it.