Firewall Wizards mailing list archives
Re: Castles and Security (fwd)
From: Darren Reed <darrenr () reed wattle id au>
Date: Thu, 4 Jan 2001 12:21:49 +1100 (EST)
In some email I received from John McDermott, sie wrote:
> Darren Reed wrote:
> > Why just networks and castles? What this really boils down to is that your logical security mechanisms (network, etc) need to be at least as strong as the physical measures you put in place (magnetic locks on doors, etc). If only the President of Acme Inc. can get into his office then only the President of Acme Inc. should be able to use the computer on his desk, etc, regardless of whether or not it is networked.
>
> Unless the Prez installed, say, VNC on his computer so he could work from home and neglected to specify a password...

I think you've totally missed the point I was making. Unless you're saying that the security of his workstation, at work, is now equivalent to the physical security of his house/office (actually, whichever has the lower level of security). In which case, mentioning the lack of password is irrelevant.

I'm not so much concerned with the implementation difficulties of specific scenarios such as the one you've painted but getting people to think about the problem in a meaningful manner. Heck, even if there is a password set you then have to worry about encryption to home, buffer overflows in their implementation of the protocol(s), etc.

Worrying about a password is not so important as is it appropriate for them (or anyone) to view company confidential documents wherever they may be? I can't imagine anyone from the military would take kindly to seeing someone on a plane reading a classified document (well that belonged to their side anyway :)) so nor should he be able to read C-I-C documents from insecure locations.

The problem of passwords is peripheral to the real problems and is a "bad software" problem (heck, we shouldn't need passwords anyway, computers should just *know* via other means). Other details such as whether or not such a person should be installing software, does it fall within the security policy, etc, are also relevant but peripheral to the point I was making: people will follow the path of least resistance to get in, regardless of whether that is through the front door or over the WAN.

If all paths have the same amount of "resistance" then you should be able to feel comfortable with your security. If you have a security dude watching everyone come in your front door, you should have a security dude watching everyone come in over the internet. It might also mean that any access to the president's computer needs to be ok'd with the secretary (or equivalent thereof) or at home, you'd need to get their spouse's ok. That sort of thing is what I mean.

Darren