Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.3 4.3bsd-beta 6/6/85; site ucbvax.BERKELEY.EDU
Path: utzoo!decvax!decwrl!ucbvax!info-vax
From: info-vax@ucbvax.UUCP
Newsgroups: mod.computers.vax
Subject: Re: Does DEC even care about security issues
Message-ID: <8511210739.AA10713@dual.UUCP>
Date: Thu, 21-Nov-85 02:39:40 EST
Article-I.D.: dual.8511210739.AA10713
Posted: Thu Nov 21 02:39:40 1985
Date-Received: Sat, 23-Nov-85 08:11:08 EST
References: <8511180828.AA21362@ucbvax.berkeley.edu>
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The ARPA Internet
Lines: 46
Approved: info-vax@sri-kl.arpa
Summary: security by hiding the manual doesn't work!

> From: Magill@UPENN.CSNET (MSCF Operations Manager)
> Date: 17 Nov 85 02:57:00 GMT
> One aspect of the security issue overlooked in the
> discussion is DEC's concern about security.
> They don't really care about security - They will give
> ANYBODY with the $$ the COMPLETE documentation to the
> security system.

If there aren't any holes in it, giving people the manual will gain
them nothing. If there are holes, hiding the manual won't help for
long. DEC's security features are the fairly standard ones.

> Any operating system which does NOT PERMIT its backup
> system to enforce standard labels can't even joke about
> security - they simply don't give a damm.

Anyone who believes any scheme of labeling will protect tape
security is a fool. I'll just take your Sperry tapes and read
them on my Unix system, laughing at your tape labels saying I
don't have permission. The Unix 'ansitar' program is too dumb
to understand the protection labels. Fix it, you say? How? The
source is public domain, as is the ANSI standard.

> Any system which permits ANY user to arbitrarily overrule
> standard ANSI tape labels cannot even jokeingly talk
> about secureity. I can not even protect my backup tapes
> from users except by physically locking them up.

You mean you let anyone who wants to mount a tape on your tape drives?

As long as one such system exists in the world, no ANSI
tape is secure. All the tape labels can do is protect against
accidental destruction of good data. Of course you can't protect
your backup tapes from users without locking them up! Anyway, what
if your facility burns down? You should have at least some backups
in a fireproof safe (though this won't guarantee that they will survive).

Too many people on this list think the best solution to security problems
is to ignore them and be quiet about them and hope that the word doesn't
get out. That is wrong; it never worked and it's even less likely to
in the future.

--
Joe Buck				|  Entropic Processing, Inc.
UUCP: {ucbvax,ihnp4}!dual!epicen!jbuck  |  10011 N. Foothill Blvd.
ARPA: dual!epicen!jbuck@BERKELEY.ARPA   |  Cupertino, CA 95014