Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!samsung!uunet!vtserf!marchany
From: marchany@vtserf.cc.vt.edu (Randy Marchany)
Newsgroups: comp.admin.policy
Subject: Re: SUSPEND SYSOPS, NOT STUDENTS
Message-ID: <1948@vtserf.cc.vt.edu>
Date: 21 Jun 91 14:34:17 GMT
References:
Organization: Virginia Tech, Blacksburg, VA
Lines: 37

In article jbw@maverick.uswest.com (Joe Wells) writes:
>
>   In my experience, most administrators don't mind security conscious users.
>   What they generally do mind is finding users who are 'evaluating' the system's
>   security without prior consultation.
>
>You mean they mind users embarrassing them by showing that they aren't
>doing their job?
>

Really now. This whole issue has gone far enough. There is NO problem
with users "checking" system security IF they advise the sysadmin BEFORE
they do it AND, I repeat, AND it is permissible under the site's existing
policy. In fact, most sites' policies will/should deal with this
scenario. Sending a note IN ADVANCE to the sysadmin is
1) COMMON COURTESY
2) CYA with the sysadmin
3) PREVENTS misunderstandings.

To use an oft-quoted analogy, if someone comes up to me and says, "hey,
I'm going to check the security of this building" BEFORE they do it, I
would feel more comfortable.

A good working environment requires GOOD communication between sysadmin
and users. The tone of a lot of the notes on this topic has been quite
adversarial (users vs. them (sysadmin, administrators, etc.)). Come on,
most sysadmins are not ogres, incompetent boobs or paranoid bozos. Most
sysadmins were "users" before they became sysadmins and were probably
"hackers" themselves.

The IETF working group on Site Security Policies specifically mentions
that individual sites need to make a decision on how to handle "tiger
teams" (after all, this is really what this particular discussion has
been about... a tiger team of 1).

SO, if it's permitted under a site's policy, then this discussion has
reached its logical conclusion and if it's not permitted under a site's
policy then this discussion has reached its logical conclusion.

-Randy Marchany
"my opinions are my own"