Path: utzoo!news-server.csri.toronto.edu!rutgers!gatech!prism!dali.gatech.edu!ken
From: ken@dali.gatech.edu (Ken Seefried iii)
Newsgroups: comp.unix.internals
Subject: Re: Unix security additions
Message-ID: <24051@hydra.gatech.EDU>
Date: 11 Mar 91 18:01:16 GMT
References: <39950@cup.portal.com> <1819@svin02.info.win.tue.nl>
Sender: news@prism.gatech.EDU
Reply-To: ken@dali.gatech.edu (Ken Seefried iii)
Organization: The House Of Fun
Lines: 29

In article <1819@svin02.info.win.tue.nl> rcpieter@info.win.tue.nl writes:
>PLS@cup.portal.com (Paul L Schauble) writes:
>
>>I'm curious: What do you think are the five most significant changes or
>>additions that have been made to Unix to improve its security?
>
>Which brings up the question of the largest still existing security
>leak: Why does UNIX still trust the network (ethernet in most cases)
>it is attached to? Nothing is simpler than plugging a PC into an
>ethernet (for instance using a PC at a publicly accessible place) and
>watch the packets go by. Five minutes waiting brings you a lot of
>passwords. When will internet packets start being encrypted?
>

A few things...

There has never been any substitute for physical security. No matter
what type of network you have (that I know of, that is), anyone with
physical access to the hardware can break into machines.

As far as packet encryption goes, I suppose it will be done when there
are enough spare cycles in all the cpus in the network or ethernet
boards are built with the hardware on board. In this day and age, a
trivial encryption algorithm is no protection.

--
ken seefried iii          "A sneer, a snarl, a whip that
ken@dali.cc.gatech.edu     stings...these are a few of my favorite things..."