Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!uakari.primate.wisc.edu!relay.nswc.navy.mil!oasys!mimsy!tove.cs.umd.edu!pataky
From: pataky@tove.cs.umd.edu (Bill Pataky)
Newsgroups: comp.unix.wizards
Subject: Re: UNIX Security and Monitoring
Message-ID: <33046@mimsy.umd.edu>
Date: 16 Apr 91 14:34:26 GMT
References: <78@morwyn.UUCP>
Sender: news@mimsy.umd.edu
Reply-To: pataky@itd.nrl.navy.mil (Bill Pataky)
Organization: China Cat Sunflower Seed Company
Lines: 32

In article <78@morwyn.UUCP> forrie@morwyn.UUCP (Forrie Aldrich) writes:
>Is there a way to monitor the I/O of another terminal/port in UNIX?
>
>This would be particularly helpful in dealing with hackers and admin
>on sensitive systems.
 ^^^^^^^^^^^^^^^^^^^^

This would be even more useful to the hackers themselves. Think about it.
It seems to me that security and monitoring are mutually exclusive,
especially on "sensitive systems". Consider the following example:

You are sysadmin at a University. The profs on your systems write their
exams on your system and encrypt them. The student worker who does your
dumps/restores uses the monitoring tool you mention to grab the encryption
key used by his prof. The student can then decrypt the exam. Or worse yet,
the student can grab the entire exam as it is typed in leaving no changed
file access times. (I'm not saying that student workers are un-trustworthy,
just using this to illustrate a point)

Generally, any tool that allows circumvention of Unix's security policy
even by administrators, only serves to weaken overall system security.

Bill Pataky
------------------------------------------------------------------------------
domain: pataky@itd.nrl.navy.mil          voice: 202.404.8355
path:   ..!uunet!itd.nrl.navy.mil!pataky fax:   202.404.7942
==============================================================================