Re: root access

Sat, 24 Jun 2000 14:03:33 -0700 

On Sat, 24 Jun 2000, Derek Martin wrote:

> > The classified machines are generally protected by alarms, combination
> > locks, badge magnetic strip readers, and 4-digit PIN electric locks
> > (yes, all four - and you thought your procedures were a PITA?).  The
> > classified and unclassified nets are kept apart by physical separation
> > and/or NSA-approved crypto.  Still vulnerable to an inside job, of
> > course - but it would require someone with a security clearance.

Mission Impossible (the first one)?

> Note that none of what you said says much about how the systems are
> connected, and what kinds of security measures are taken to secure the
> trusted hosts from eachother... from what you said, we could assume that
> once you had access to one via your PIN, card, rectal scan, what have
                                                 ^^^^^^^^^^^

Eew.  I'll pass, thanks.


> you, that you had free reign across the network.  I doubt that's the case,
> but you've left it to our imagination.
> 
> 

I remember having heard that the most secure system would have to be
unplugged, locked in a reinforced vault, under 24/7 trusted (AKA well
paid with families held hostage) guards, and even then may be.

On my own systems, it is a matter of trust.  Three people have root in
case any two of us get in close with a large object with too much
inertia.  Soon that may change, as the system stabilizes, and one person
takes on responsibility for the box.

Of course, our system mostly just handles regular email and web traffic,
so it doesn't have to be fort knox.  But our billing system will
be.  Even I don't have sudo on that one... and I keep the paper backups.


Brian

---------------------------------------------------------------
|  [EMAIL PROTECTED]                Spam me and DIE!       |
|                 http://www.datasquire.net                   |
|                 Co-Founder & Co-Owner of                    |
|              Data Squire Internet Services                  |
---------------------------------------------------------------


**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************

Reply via email to