Path: utzoo!attcan!utgpu!news-server.csri.toronto.edu!mailrus!wuarchive!udel!haven!adm!smoke!gwyn
From: gwyn@smoke.BRL.MIL (Doug Gwyn)
Newsgroups: comp.unix.questions
Subject: Re: Why idle users should be killed (was Re: Preventing Idle in telnet)
Message-ID: <13985@smoke.BRL.MIL>
Date: 1 Oct 90 03:13:14 GMT
References: <24593@adm.BRL.MIL> <13970@smoke.BRL.MIL> <4133@lib.tmc.edu>
Organization: U.S. Army Ballistic Research Laboratory, APG, MD.
Lines: 18

In article <4133@lib.tmc.edu> jmaynard@thesis1.hsch.utexas.edu (Jay Maynard) writes:
>In article <13970@smoke.BRL.MIL> gwyn@smoke.BRL.MIL (Doug Gwyn) writes:
>>Seriously, you seem to imply that there is some sort of "problem"
>>that needs to be solved.  Just what IS the problem?
>This is primarily a security issue. The problem is that users will walk off
>and leave their terminals logged on, thus allowing someone else to walk up
>to the terminal and gain the security privileges of the original user.

Ah, but you don't solve that problem by timing out the connection after
a certain amount of inactivity; you merely reduce the time during which
some unauthorized person can exploit this situation.  To solve the problem,
you need to educate your users in the necessity of logging off or at least
running some sort of approved "terminal lock" program when leaving their
terminal unattended, and they must be convinced that they should do it AND
that failure to cooperate in computer security matters will result in
suitable corrective action, such as firing them or removing their access.
People problems need people solutions; attempts to automate technical
solutions generally don't really work.