Below:
On 1/26/2014 2:36 AM, Rich Kulawiec wrote:
> On Sun, Jan 26, 2014 at 01:20:20AM -0800, Tomer Altman wrote:
>> To Liberation Tech:
>>
>> Stanford is implementing a new security policy detailed here:
>>
>> http://ucomm.stanford.edu/computersecurity/
>
> First, if they were serious about security, they wouldn't be using
> Microsoft products.
>
> Second, backdooring end-user systems en masse provides one-stop
> shopping to an attacker.
>
> Third, "locating PII on systems" is not a solved problem in
> computing, and for anyone to pretend otherwise is, at best,
> disingenuous. Not only that, but anyone who's been paying
> attention to the re-identification problem knows that non-PII is
> quite often just as sensitive.
>
> Fourth, the simultaneous requirement that systems be backdoored and
> searchable while their disks are encrypted strongly suggests that
> they intend to have a central repository of encryption keys.
>
> Fifth, the requirement for use of centralized backup also provides
> one-stop shopping to an attacker.
>
> Bottom line: this isn't about security, it's about control and
> monitoring.
>
> ---rsk
>

I've got to agree with Rich here -- this *is* about control & monitoring.

Having said that, saying that this policy is simply about "security" is not quite correct -- it is about controlling *employee* access to, and handling of, sensitive information in the Stanford University computer network systems.

But let's remember that there are *different types* of security: Ones which control & monitor, others which attempt to protect organizational users from external threats, etc.

I don't believe this is pretty much /de rigueur/ and appropriate for virtually any organization which wishes to protect sensitive information, and provide some accountability.

Remember: Employee prescriptive measures are different than non-employee measures.

- ferg

--
Paul Ferguson
PGP Public Key ID: 0x54DC85B2