Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!visix!news
From: amanda@visix.com (Amanda Walker)
Newsgroups: comp.protocols.appletalk
Subject: Re: Watch, peeking, and security threats
Message-ID: <1991May20.173119.4279@visix.com>
Date: 20 May 91 17:31:19 GMT
References: <9105160430.AA04272@eclectic.com> <1991May16.142436.15468@news.larc.nasa.gov>
Sender: news@visix.com
Organization: Visix Software Inc., Reston, VA
Lines: 30

kludge@grissom.larc.nasa.gov (Scott Dorsey) writes:

> While much of it is indeed the fault of the protocol, a good deal of
> blame should be laid on an operating system which permits any user
> running any program to access any device in any way.

I think that this is still misplacing "the blame." In my opinion (which stems from having managed networks of hundreds of Macs & workstations), the central problem is assuming that it is *possible* to secure the machines at all. It is impossible to guarantee any level of security when your network has Macs, PCs, or workstations available for use by the public; neither is it possible if you do not secure the actual connectors & cables on your network.

On both Macs and PCs, anyone can write or run programs which talk to the hardware. On Suns and most other workstations, anyone who wants to badly enough can break into UNIX as root, and proceed to talk to the hardware. In fact, most UNIX machines are quite insecure even *without* physical access to the machine.

One approach is to use security systems (such as Kerberos) which do not depend on the physical security of the machines or the network. If this is infeasible, the best you can probably do is punish people you can catch, and live with the reality that anyone who wants to badly enough will compromise your security.

--
Amanda Walker                                  amanda@visix.com
Visix Software Inc.                            ...!uunet!visix!amanda
--
UNIX: The only operating system that can be destroyed by mail.