On Wed, 4 Oct 2000, Mjo wrote:
> WOW.
>
> On Wed, 04 Oct 2000, Derek Martin wrote:
> >
> > I suspect the issue here is that the system in question probably was
> > managed by relatively inexperienced system administrators who were not
> > under the umbrella of the University IT department. I might suggest
> > petitioning the staff (figuratively or literally) to provide the students
> > with such a box, which they "oversee" so that there's some accountability.
>
> Yes, this is exactly how it works here! There is little to zero real
> supervision, and with the exception of an occasional adjunct
> taught night course, we have no classes that cover Linux (next semester the
> cool adjunct IS teaching "Linux Security"). There is no formal instruction
> prior to being sys admin, the current admin helps train a new admin for the
> following semester. One of the reasons being admin is so attractive to people
> is that we have almost no other Linux education offered.
>
> It's a matter of balancing the fact that screw ups WILL happen if anyone is
> going to learn anything, with the fact that some screw ups must never happen no
> matter what. The responsibility should not necessarily be placed
> solely on the shoulders of the person trying to learn. Even the worst of screw
> ups will happen from time to time, thus guaranteeing that the KSC chem labs will
> always have showers. At least they finally moved the computer labs so they
> aren't right underneath the labs without drains.
>
As I suspected in my first post, the real issue here is not the OS, or
even the tech staff, it's the "environment" created by the college
admin. Security is not something that "just happens," it is created
by higher ups knowing its importance, and creating the environment to
allow it to happen. This includes training people on security,
recognizing that there is no such thing as perfect security (thus
being willing to accept that sometimes break-ins happen, despite all
work, so you minimize what is vulnerable), recognizing that security
is all-encompassing (it's not just network, it's physical security,
personnel security, etc), and recognizing that if people feel they are
valued and are treated accordingly, they are more likely to take
security seriously and to protect those who are "protecting them." No
OS, no app, nothing, is in and of itself secure or vulnerable, only
secure within the context of the environment it exists in. (Windows
on a dead machine is relatively secure from remote exploit. Useless,
but secure). Security is a state of mind (also called paranoid).

Jerry - I know you said you're going to talk to the admin (or try to).
I can't speak for Kenny (our resident paranoid^H^H^H^H^H^H^H^Ysecurity
person), but I used to do this for a living, and would be willing to
help out in talking to them.
jeff
------------------------------------------------------------------------
Jeffry Smith Technical Sales Consultant Mission Critical Linux
[EMAIL PROTECTED] phone:603.930.9739 fax:978.446.9470
------------------------------------------------------------------------
Thought for today: Pentagram Pro n.
A humorous corruption of "Pentium
Pro", with a Satanic reference, implying that the chip is
inherently evil. Often used with "666 MHz"; there is a
T-shirt. See Pentium