Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!zaphod.mps.ohio-state.edu!pacific.mps.ohio-state.edu!linac!att!cbnews!cbnews!military
From: pataky@tove.cs.umd.edu (Bill Pataky)
Newsgroups: sci.military
Subject: Security (was Tempest report)
Message-ID: <1991Feb15.072536.11948@cbnews.att.com>
Date: 15 Feb 91 07:25:36 GMT
Sender: military@cbnews.att.com (William B. Thacker)
Organization: U.S. Naval Research Laboratory, Washington, D.C.
Lines: 38
Approved: military@att.att.com

From: pataky@tove.cs.umd.edu (Bill Pataky)

In article <1991Feb13.223229.8138@cbnews.att.com> optilink!cramer@uunet.UU.NET (Clayton Cramer) writes:
>
>One of the janitors hit a big switch downstairs with his mop
>handle while cleaning the floor. So I decided to take a careful
>look at the badges used by the janitors in SFOF. Sure enough,
>no picture badges, and a generic mag stripe card to get them
>in every room in the building. All these security precautions
>could have been easily circumvented by getting a job with the
>janitorial firm (an outside contractor), and just walking in
>the door with a mop.
>
>Does it seem like the people responsible for "security" like
>to play with neat toys?

Well, rather than bash the entire community responsible for physical
and electronic security, I think you probably should focus on the
site security officer at JPL at that time. He/she obviously neglected
to identify the weak link in the system and assess the threat from
that link. I suspect he/she was subsequently relieved of those duties.

On computer security: The idea of bribing an insider is specifically
what Multi-Level Security systems are designed to limit. Mandatory
access controls combined with discretionary access controls will
limit the amount of damage a particular individual can do.

Bill Pataky
------------------------------------------------------------------------------
domain: pataky@itd.nrl.navy.mil            voice: 202.404.7110
path:   ..!uunet!itd.nrl.navy.mil!pataky   fax:   202.404.7942
==============================================================================