On Friday, 02/10/2006 at 06:55 CST, Marcy Cortes <[EMAIL PROTECTED]> wrote: > I guess I don't see anyone breaking into the class G guest if the class > G guest doesn't a password and is logon by only by the systems > programmers with her password. I guess in theory they could somehow get > to cp by linux, but then he'd already have the NIC anyway.
If you have only one VSWITCH defined, then the risk is obviously minor. But what if you had two VSWITCHes, one that faced the Internet and another that faced your intranet? The risk of breakin may be low, but the consequences of the Linux guest connecting to both VSWITCHes without your explicit permission would be significant. It would be like giving some distributed server access to a trunk port on a switch with authorization to all VLANs. <shudder> But I appreciate that in non-security-conscious environments the RESTRICTED nature of a VSWITCH can be annoying. But maybe it's only annoying because it is easy to forget to authorize the access? A final thought... The best security controls are in an ESM. You can lay your system bare if that's what you want to do. That is to say, an ESM provides not only extra security, but extra non-security if so configured. With RACF, a single generic profile could be defined with UACC(UPDATE), allowing every user on the system to connect to any Guest LAN or VSWITCH. Philosophy #37: It should be HARD to get your system into a wide-open state. No accidental tourists. In fact, security standards are moving in the direction of requiring *two* privileged users to deactivate the security controls. (You know, both have to insert and turn their keys at the same time.) Alan Altmark z/VM Development IBM Endicott ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
