On Wed, 21 Jun 2000, Kenneth E. Lussier wrote:
> Jerry and Bob have both stated that it would be "an inconvenience to not
> have root". Well, if you can say that it is an inconvenience, then that
> means you already know that it can be done, you just don't want to spend
> the time or the effort to do it.
Wrong. If that was the case, we wouldn't have networks, we would just use
sloppy floppy copies for everything. That is just a matter of time and
effort, after all.

*ALL* of security revolves around risk/benefit analysis. You measure the
risk something carries against the benefit it provides.
> When personal convenience overrides the security of the company ...
How about the personal convenience of the admin staff?
> However, since the box they are testing on is connected to the CAT5, the
> CAT5 is connected to the switch, the switch is connected to the router, and
> the router is connected to the firewall, then that engineer that is
> arrogant enough to demand root needs to take responsibility for EVERYTHING
> that that system affects.
And you're basing all your security on the fact that the user doesn't have
the root password?

Since engineers are obviously completely untrustworthy, how do you prevent
them from bringing their own laptop in and hooking it up to that same ethernet?
> When they misconfigure a system and cause a data storm and bring down the
> network for an entire company, THEY need to fix it.
If someone's testbedding something like that, you damn well better have it
behind an interior firewall, or *you* -- *the admin* -- aren't doing your job.
> Basically, it's nice to say that the engineer will be responsible for
> fixing the box that they break, but how about everything else that they
> break because of it.
And when did the admin staff become perfect? What happens when *they* screw
up and break the whole network?
> It is actually very basic: people want what they want, when they want it,
> and they like to think that they are important enough to demand and get
> it. Engineers, managers, Vice Presidents, etc.
... sysadmins ...
--
Ben Scott <[EMAIL PROTECTED]>
Net Technologies, Inc. <http://www.ntisys.com>
Voice: (800)905-3049 x18 Fax: (978)499-7839