I think we have several different issues. 
First is the protection of the company's assets (e.g. software, patents,
technology). When you are an engineer, and you are building kernels, 
you need a machine to build it and one to boot and test it. You generally 
need a network with the sources. The responsibility for safeguarding
these assets lies with every employee who has access. The system
people must provide the proper firewall security to prevent exposure to the
outside. They must also provide data integrity and the appropriate 
access controls so that only authorized personnel may access and 
update the files. 

Engineers like Bob Bell need access to the systems they use, but they 
also must take on the appropriate responsibilities. 

Lastly, management must take an active role in the safeguarding of 
these assets. The management roles include budgeting sufficient funds 
such that the assets are secured, enforcing policies, educating and 
informing the staff. 

There is also the issue that some engineer who does not have a need 
wants root access because the other engineers have it. 

On 21 Jun 2000, at 13:47, Paul Lussier wrote:

> True, but who gets the responsibility when the untrusted, non-secure host is 
> used to access confidential data which was only accessible because of the 
> inadequate security imposed by the existence of that host?  The sysadmin,
> whose responsibility it is to secure the network environment and therefore the
> data, or the star engineer who won the battle with management to get root 
> access to the machine?

Jerry Feldman <[EMAIL PROTECTED]>
Associate Director
Boston Linux and Unix user group
http://www.blu.org
