In a message dated: Thu, 22 Jun 2000 09:43:52 EDT
Bob Bell said:
> (1) If an engineer is responsible for administering
>his own system, he should likely have the root password then
>(although, as mentioned, you may want to provide separation from the
>production environment).
Correct, sort of. The reason for the separation is as much to protect the rest
of the environment from a machine that goes haywire as it is to separate the
untrusted hosts from the trusted ones. If we know that the "untrusted"
systems are all on one subnet, we can easily ensure nothing gets exported to
the entire subnet. (Sure, someone can easily move that system to another
subnet and change the IP, *but* that directly points to malicious intent, and
if all the casual snooper wants is to read someone else's files, that's a bit too
much work.)
> (2) You state that "if they go so far", they
>should not be employed. How is this different from giving them root
>on a machine and doing your best to make sure that NIS/NFS/etc. setups
>won't let them get root on a "more valuable" machine. You're
>basically saying that you have to give up at some point and say
>"Well, if they're that dedicated, there's nothing we can reasonably
>do". If that's the case, why not let a test machine on which I have
>root access be on the same network as a production machine on which
>sys admins prefer that I don't get root. After all, if there is a bug
>in NIS that allows this, we should fix it right? Also, since I'm
>writing the software that goes onto these machines (in my specific
>case), I could "go so far" as to specifically overlook a bug that
>would allow me root access in the future. I guess I would just draw
>the line at a different point.
Okay, let me ask a few questions:
Do you know every person in the building?
Do you know all the security staff?
Do you know all the custodial staff?
The majority of security measures are aimed at keeping people from the
outside off the network. Yet the majority of industrial espionage occurs
from *within* the company. If I were bent on obtaining corporate secrets
from some company, the first thing I'd do is get a job on their custodial or
security staff, or just get a job at the company. Once I have physical access
to the network, everything else is just mere details. Look around your
company tonight as you leave. How many people lock their screens or log out
before going home? I'm willing to bet at least 10 people whose offices you
pass have left their systems logged in with no screen lock (I'm not saying
that screen locks are secure, but at least it's something). Now, pick any one
of those 10 or more people. Imagine they have root access, and one window is
left logged in as root. Next comes the janitor/industrial spy. There's
absolutely no effort for him/her to now access most everything he/she needs
now that they have root.
Now they can su to any user at all and access anything they need to.
Now, if the only systems with root access were in a separate lab, and no NIS/
NFS were enabled, local password/host files were essentially empty, they'd
have a much tougher time accessing corporate data. Most people would probably
be suspicious if they saw a non-engineer/sysadmin walking down the hall with a
system as they moved it to another location so they can then take advantage of
the root access to gain privileges elsewhere on the network.
The point of security is to keep honest people honest, dishonest people out,
and hopefully force those with malicious intent to jump through enough
hoops such that they get caught.
--
Seeya,
Paul
----
"I always explain our company via interpretive dance.
I meet lots of interesting people that way."
Niall Kavanagh, 10 April, 2000
If you're not having fun, you're not doing it right!
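A defender-side check for the export point made above (keep the root-holding lab boxes on one subnet and make sure nothing is NFS-exported to it). This is an added example, not code from the original thread; the exports(5) content, the paths and the subnets in it are constructed, and a check like this is only as good as your inventory of which subnet the untrusted hosts actually live on.

```python
# Added example: flag /etc/exports entries that an untrusted lab subnet could
# reach, and call out the ones that also skip root squashing.
import ipaddress

# Constructed sample /etc/exports in Linux exports(5) syntax.
# Note "/export/pub   (ro)": the space before "(" means the path is exported
# to *everyone* with those options, a classic exports(5) mistake.
SAMPLE_EXPORTS = """\
# production home directories
/export/home  192.168.10.0/255.255.255.0(rw,root_squash)
/export/src   *.corp.example(rw,no_root_squash)
/export/pub   (ro)
/export/tools 192.168.10.0/24(ro) 192.168.20.5(rw,no_root_squash)
"""

def parse_exports(text):
    """Yield (path, client, options) for every client spec in exports(5) text."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            client, _, opts = spec.partition("(")
            opts = set(filter(None, opts.rstrip(")").split(",")))
            yield path, client, opts

def client_reaches(client, untrusted_net):
    """True if this client spec could match a host on the untrusted subnet."""
    if client == "":
        return True  # bare "(opts)" exports to the world
    if client.startswith("@") or any(c in client for c in "*?"):
        return True  # netgroups and wildcards: we cannot prove they exclude the lab
    try:
        net = ipaddress.ip_network(client, strict=False)  # IP, CIDR or IP/netmask
    except ValueError:
        return False  # a single hostname, not an address in the lab range
    return net.overlaps(untrusted_net)

def find_risky_exports(text, untrusted_cidr):
    """Return (path, client, reason) for exports reachable from the lab subnet."""
    untrusted = ipaddress.ip_network(untrusted_cidr)
    findings = []
    for path, client, opts in parse_exports(text):
        if not client_reaches(client, untrusted):
            continue
        reason = "no_root_squash" if "no_root_squash" in opts else "reachable"
        findings.append((path, client, reason))
    return findings

if __name__ == "__main__":
    for finding in find_risky_exports(SAMPLE_EXPORTS, "192.168.20.0/24"):
        print(finding)
```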