Re: Networking security problem?

["Roy S. Rapoport" <full-disclosure () ols inorganic org>]

On Fri, Jul 11, 2003 at 10:56:26AM +1000, gregh wrote:
> Am I being pedantic here? To my mind, if a password is required to use
> the machine locally, it should automatically require the network
> connection to be broken. XP goes back to the Welcome screen depending on
> your settings or the NT looking username and password box you would all
> know. I find it totally mystifying that a machine that is "protected" at
> keyboard level by a password so people cant get into it and look up
> sensitive info can still be gotten into at least by the local LAN and
> info STILL gained. The problem here is if a disgruntled employee went
> postal and knew this info, he/she could do what they want. I understand
> the programs and data could be protected in other ways but it also hit me
> that there must be quite a few small to medium companies living in a
> delirious limbo like this, too.
>
> Any comments? Am I just pedantic or is this really a headbanger?

Here's a nickel, kid. Go buy yourself a real OS.

Network accessibility and managing network access to sensitive resources
has little -- I'm sorry, *no* -- relation to keyboard & monitor access.  My
main server at home (on which I'm writing this right now!) is screenlocked.
If it was not network-accessible while it was screenlocked, I'd be SOL.

I was playing with screenlocked UNIX systems thirteen years ago; said
systems were perfectly accessible via the net.  This is a feature, not a
bug.

-roy
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html