Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!apple!agate!shelby!msi.umn.edu!noc.MR.NET!gacvx2.gac.edu!dan
From: dan@gacvx2.gac.edu
Newsgroups: comp.sys.dec
Subject: Re: Summary: preventing dec3100 single user booting (protecting root)
Message-ID: <1990Nov29.213816.780@gacvx2.gac.edu>
Date: 30 Nov 90 03:38:16 GMT
References: <1990Nov27.211621.1501@zaphod.mps.ohio-state.edu> <161@raysnec.UUCP> <1990Nov29.221947.21056@decuac.dec.com>
Organization: Gustavus Adolphus College, St. Peter, Minnesota
Lines: 31

In article <1990Nov29.221947.21056@decuac.dec.com>, mjr@hussar.dco.dec.com (Marcus J. Ranum) writes:
> In article <161@raysnec.UUCP> shwake@raysnec.UUCP (Ray Shwake) writes:
>>
>>	Well, how about pushing vendors to design hardware interlocks that
>>	prevent system boots, or disable terminal or keyboard response?
> 
> 	What, like the "locks" on IBM PC/ATs ? The ones that can be
> disabled instantly by unplugging a wire on the motherboard ?
> 
>>>>DELETED<<<< - a triade of nothing is secure!!!

You are correct, any system devised my man can, in time, be undone by man. 
Computers just make it take less time.  A single user boot is a quick,
undetectable, way to gain priviledged access to a computer system.  Just
because it is probably not possible to devise a system that would prevent 
any unauthorized access, does not mean it should be left wide open.  I do
expect a system vendor to make it difficult to get my data, not impossible. 
More than once I have been glad for back doors into the computers I manage.
It should take more than one cracker telling another "Just type 'b -s' and the
system is yours..."  In my environment (a college) absolute data security is
not an issue, however confidentiality of data, and damage to data due to
unathorized/possibily malicious access is.  Trying running a lab of Macintosh
or PC's, with hard disks, with novice users, for a week, without a tape
backup and you will know what I mean.  Workstations are moving out of the power
users office and into the computer lab!

-- 
Dan Boehlke                    Internet:  dan@gac.edu
Campus Network Manager         BITNET:    dan@gacvax1.bitnet
Gustavus Adolphus College
St. Peter, MN 56082 USA        Phone:     (507)931-7596