UNIX Security and Monitoring
Bill Pataky
pataky at tove.cs.umd.edu
Wed Apr 17 00:34:26 AEST 1991
In article <78 at morwyn.UUCP> forrie at morwyn.UUCP (Forrie Aldrich) writes:
>Is there a way to monitor the I/O of another terminal/port in UNIX?
>
>This would be particularly helpful in dealing with hackers and admin
>on sensitive systems. ^^^^^^^^^^^^^^^^^^^^
This would be even more useful to the hackers themselves. Think about
it.
It seems to me that security and monitoring are mutually exclusive,
especially on "sensitive systems". Consider the following example:
You are sysadmin at a University. The profs on your systems write their
exams on your system and encrypt them. The student worker who does
your dumps/restores uses the monitoring tool you mention to grab the
encryption key used by his prof. The student can then decrypt the
exam. Or worse yet, the student can grab the entire exam as it is
typed in leaving no changed file access times.
(I'm not saying that student workers are untrustworthy, just using this
to illustrate a point.)
Generally, any tool that allows circumvention of Unix's security
policy, even by administrators, only serves to weaken overall
system security.
Bill Pataky
------------------------------------------------------------------------------
domain: pataky at itd.nrl.navy.mil voice: 202.404.8355
path: ..!uunet!itd.nrl.navy.mil!pataky fax: 202.404.7942
==============================================================================