Derek Martin <[EMAIL PROTECTED]> writes:
>It's also worth pointing out that MITRE Corp. has historically been
>one of the greatest sources of Internet-based network breakins in the
>world. Read Cliff Stoll, _The Cukoo's Egg_.
Yes, MITRE got a black eye over that one. Right after that, they
started requiring SecurID authentication for any access from outside
to inside: dialup, ftp, telnet, or ssh.
The classified machines are generally protected by alarms, combination
locks, badge magnetic strip readers, and 4-digit PIN electric locks
(yes, all four - and you thought your procedures were a PITA?). The
classified and unclassified nets are kept apart by physical separation
and/or NSA-approved crypto. Still vulnerable to an inside job, of
course - but it would require someone with a security clearance.
The Cuckoo's Egg incident was about 15 years ago, IIRC. Are we still
on parole? :-)
- Jim Van Zandt
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
