Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!mcsun!ukc!dcl-cs!aber-cs!athene!pcg
From: pcg@cs.aber.ac.uk (Piercarlo Grandi)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Reducing the risks when connecting to an Internet
Message-ID:
Date: 2 Dec 90 14:58:25 GMT
References: <9011270314.AA29123@ucbvax.Berkeley.EDU>
Sender: pcg@aber-cs.UUCP
Organization: Coleg Prifysgol Cymru
Lines: 65
Nntp-Posting-Host: odin
In-reply-to: damian@SRLVX0.SRL.FORD.COM's message of 26 Nov 90 17:32:00 GMT

On 26 Nov 90 17:32:00 GMT, damian@SRLVX0.SRL.FORD.COM ("Jerry Damian") said:

damian> Referencing <1990Nov26.151017.2023@hemel.bull.co.uk>. I agree
damian> completely with all comments regarding host based security
damian> rather than network imposed security. However, that is often not
damian> possible due to the internal politics of an enterprise network
damian> and who administers its hosts.

Well, if you are given goals and responsibility for them and not the
ability to reach them, you are in a grave situation. You may be able to
come up with a temporary patch-up job, that will make people think that
you have solved the problem, until disaster strikes, and *you* are the
scapegoat.

damian> The majority of hosts on my internet are administered by
damian> engineers NOT network managers or systems programmers. The
damian> reality of my situation is that I cannot dictate how individual
damian> hosts are to be configured because I do not own them.

This sums up to saying that these machines have ZERO (repeat ZERO)
security. Does it really make a difference whether anybody within the
company or anybody within the Internet can access them? How do you know
that one of these guys does not already have an Internet connection?

This is a deadly serious problem. You cannot take responsibility for the
security of machines you do not own. Monitoring or controlling internet
traffic is just not a viable substitute (monitoring however is an
important aid).
I would not bet my job and reputation on it.

damian> Yes, this does lead to MANY problems... Limiting the visibility
damian> of an internet via router/bridge filtering will buy time until
damian> you can get the job done right.

But, as somebody else has said, the solution is not to filter packets. It
is to establish a gateway under administrative control, and allow
internet access only from the gateway machine(s).

Otherwise you (I mean here "you, the generic sysadmin") are going to
have the unsustainable problem of being *responsible* for internet
traffic while you have no control over the security of *either* of the
machines involved. This is a joke.

The time it buys you is not the time to build the right solution; it
just gives the illusion that the problem has been solved, and this will
mean that the right solution will be no longer urgent.

Note that I do not advocate you having control over all the machines at
your site -- this would be a nightmare for your site and you (unless you
are one of the many mad and insecure sysadmins with world-domination
plans :->).

What I am saying is that you should take responsibility only for what
you can reliably devote your attention to, which usually is very little,
and make your management accept the situation. If they don't accept
the situation and tell you not to cause problems, you are risking your
job and reputation (by all means put into writing your comments, cover
your ass, find another job, ...).

I wish people studied more closely the environment of project Athena (or
Andrew). Only a few core machines are well protected and secured, and
any other is just not trusted. Security, even at minimal levels, is
terribly difficult and expensive, and rarely needed...

Finally, my favourite quote (I don't know whom from): the greatest
security hazard is a false sense of security.
--
Piercarlo Grandi                   | ARPA: pcg%uk.ac.aber.cs@nsfnet-relay.ac.uk
Dept of CS, UCW Aberystwyth        | UUCP: ...!mcsun!ukc!aber-cs!pcg
Penglais, Aberystwyth SY23 3BZ, UK | INET: pcg@cs.aber.ac.uk