Unix security additions

Ed Otto edotto at ux1.cso.uiuc.edu
Tue Apr 16 02:30:13 AEST 1991


jfh at rpp386.cactus.org (John F Haugh II) writes:

>>Under these circumstances, would it be wise to trust the same people that
>>they don't take the backup tapes and read them anywhere else?

>If you don't have physical security (i.e., they can take the tapes
>anywhere they want) and you can't trust your personnel, I'd suggest
>you turn off the computer system and just give up.

Nice thought...in my case it's a combination lock on the door to the machine
room that, two hours after it was installed, 46 people had the combination
to...

>Basically your complaint is that you must give privileges to people
>that you can't trust not to abuse them, and that you can't control
>the data once they've taken it.  Sounds like you got a rather serious
>problem on your hands.  Good luck.

Ya - from me, too.  I simply said "I'll do all of the work."

>These are not the same problems.  They aren't even related to each
>other.  Particularly since the former is meant to prevent things
>that the latter can't address, such as people you didn't hire accessing
>your system.  The only completely secure computer is sitting in a room,
>with no outside connections, powered off, and encased in concrete.  If
>you insist on hiring people you think are going to violate the system's
>security, there is no point in keeping out the rest of the world.  You've
>already given the keys to the bad guys.

Yup...once the nasties are out and about your workplace, you've lost the whole
war...I mean, anyone with su access can run the 'adduser' script...and once
THAT happens, well, kiss it goodbye.


*******************************************************************************
*                             *  Netmail addresses:                           *
*  Edward C. Otto III         *    edotto at uipsuxb.ps.uiuc.edu                 *
*  University of Illinois     *    edotto at uiucux1.cso.uiuc.edu                *
*  Printing Services Office   *    UIPSA::OTTO (Decnet node 46.99)            *
*  54A E. Gregory Dr.         *    otto at uipsa.dnet.nasa.gov                   *
*  Champaign, IL  61820       *  Office phone: 217/333-9422                   *
*                             *                                               *
*******************************************************************************

	"As knowledge is to ignorance, so is light unto the darkness."

		       ---     GO 'PODS!     ---



More information about the Comp.unix.admin mailing list