In a message dated: Wed, 21 Jun 2000 19:48:52 EDT
Benjamin Scott said:

>On Wed, 21 Jun 2000, Paul Lussier wrote:
>> True, but who gets the responsibility when the untrusted, non-secure host is
>> used to access confidential data which was only accessible because of the 
>> inadequate security imposed by the existence of that host?
>> ... I can tell you, the sysadmin would get the blame *and* the boot ...
>
>  And if you're depending on desktop workstations to remain secure simply
>because the user "doesn't know the root password", you *deserve* to get the
>boot when it comes.
>
>  Anyone who has physical access to the machine already *has* effective
>superuser access.  Don't use simple host trust relationships in any
>environment that isn't physically locked down as tight as a drum.

>> Root access to any machine constitutes a threat to both, and *that* is
>> what we're trying to eliminate.
>
>  I think you place *way* too much trust in that simple alphanumeric string
>that is the root password.  You seem to imply that unlimited, unchecked "sudo"
>access is fine and dandy, but that knowing what the string in /etc/shadow was
>hashed from will blow you out of the water.  At the same time, you seem to
>imply that you're using blind host trust relationships.  Such that any machine
>on your network claiming to be authorized as root is considered to be telling
>the truth.  If that's the case, Paul, you've got bigger problems than someone
>knowing what the root password is on their workstation.

I think you read way too much into this debate, and I don't believe I ever 
made any statement indicating that I place all my beliefs of security in who 
has root access.  I also never implied that "unchecked sudo access is fine and 
dandy" as you put it.  What I said was that sudo can be used to accommodate any 
need, and it can.  Additionally, the debate is over the merits of restricted 
vs. wide open root access, not a detailed explanation of my security 
practices.

>  However, I'd like to think I know you well enough to say that you're smart
>enough not to be doing that.  That machines aren't trusted simply because they
>say they should be.  And, if that is the case, then somebody knowing the root
>password on their workstation isn't the catastrophe you make it out to be.

Did I ever say they were?  There is, as you pointed out, more to security than 
restricting the root password.  Restricting root access is merely one point on 
the security checklist.  But if it's compromised, you can't really count on 
much else remaining secure.

>> Anyone have a Palm Pilot they sync with their system at work?  It's simple
>> for root to access those files, copy them somewhere else and install them
>> on another pilot elsewhere.
>
>  That's right.  And, of course, the admin staff *does* have the root
>password.

That's right, we do, which is why I pointed all that out.  If you keep personal
information on your company's network with the belief that no one will
access it because it's none of their business, you're either very naive,
or very stupid.  At least set the permissions of the directory structure 
properly, and if you feel it's necessary, encrypt the data.  Better yet, DON'T 
STORE PERSONAL DATA ON YOUR COMPANY'S NETWORK!

I'm not saying I personally care or have the time to look at what people keep 
in the home dirs, and I can tell you that I do not invade people's privacy, 
but should you trust me?  I don't.  I don't keep stuff in my home directory I 
care about.  I also don't keep e-mail I don't want others to read.  I'm not 
the only one here who has root, and I know I can't count on our security to 
keep the "truly dedicated to breaking in" out.  I therefore take personal 
responsibility for ensuring my own privacy, and anything that's compromised is 
therefore *my* fault.  Not because I'm the sysadmin and should have secured 
the network, but because I was stupid and kept personal information on an 
untrusted network.

>> I'd much rather be playing with neat things like Linux clustering than
>> making sure my network is secure :)
> 
>  I find that, in many cases (note: many != all != most) where some developer
>wants root on his development box, one of the major reasons they want it is
>*because* they know the admins are too busy running around admin'ing things to
>worry about the latest thing the developer needs changed on his box.  They're
>trying to save you the trouble, so you can have the time to play with neat
>things.

Agreed.  And I am willing to give lab environment machine root access to those 
individuals providing they don't use things like NIS/NFS, etc.  Desktops on 
the corporate network are my responsibility; if they break, it's my job to fix 
them.  Additionally, if the admins are that busy that they can't accommodate 
your needs in a timely manner, it's time to either escalate your needs via 
management and have the sysadmins' priorities changed, or start harassing 
management that you need more sysadmins.

>> By the way, we as sysadmins have a job to do too.
>
>  You're right.  It's supporting your company's operations.  Don't ever forget
>you're not the reason the network is there.

That's right, and if my network is not properly secured, and the one whiz-bang 
product we're working on is stolen out from under us, causing us to go 
belly-up, what good came of me giving in to personal convenience?
-- 
Seeya,
Paul
----
        "I always explain our company via interpretive dance.
             I meet lots of interesting people that way."
                                          Niall Kavanagh, 10 April, 2000

         If you're not having fun, you're not doing it right!
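The permission advice in the message above ("at least set the permissions of the directory structure properly") can be turned into a repeatable check. The script below is an added example, not code from either poster: it builds a constructed sample home directory (the `alice` account, its `.pilot` sync directory and the file names are hypothetical), lists every entry that other accounts could read, and then strips group/other access. As the thread itself points out, mode bits do nothing against root, who bypasses them entirely; this only narrows exposure to ordinary users on the same box.

```shell
#!/bin/sh
# Added example (not from the original post). Audits a directory tree for
# entries readable by group or others, then tightens them to owner-only.
# Note: root ignores mode bits, so this does not protect against the admins.

# Print every path under $1 whose mode grants group read (040) or other read (004).
# Octal -perm forms are used so the check works with GNU, BSD and BusyBox find.
audit_home_perms() {
    dir=$1
    find "$dir" \( -perm -040 -o -perm -004 \) -print
}

# Count such paths; 0 means nothing under $1 is readable by other accounts.
count_exposed() {
    audit_home_perms "$1" | wc -l | tr -d ' '
}

# Make $1 itself 0700 and remove group/other rwx from everything beneath it.
harden_home() {
    dir=$1
    chmod 700 "$dir"
    find "$dir" -exec chmod go-rwx {} +
}

# Constructed sample tree: a home directory with a Palm sync directory,
# created with the world-readable modes many systems hand out by default.
demo() {
    tmp=$(mktemp -d)
    home="$tmp/home/alice"                      # hypothetical account
    mkdir -p "$home/.pilot"
    printf 'contacts\n' > "$home/.pilot/AddressDB.pdb"
    printf 'notes\n'    > "$home/notes.txt"
    chmod 755 "$home" "$home/.pilot"
    chmod 644 "$home/.pilot/AddressDB.pdb" "$home/notes.txt"

    echo "readable by others before: $(count_exposed "$home")"   # 4 entries
    harden_home "$home"
    echo "readable by others after:  $(count_exposed "$home")"   # 0 entries
    rm -rf "$tmp"
}

demo
```

Run it as an ordinary user; `count_exposed` is the number to watch, and `harden_home` is the one-shot fix. Anything that must stay readable (a `public_html` directory, for instance) needs to be re-opened deliberately afterwards rather than left open by default.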
