Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!brl-adm!adm!mike@BRL.ARPA
From: mike@BRL.ARPA (Mike Muuss)
Newsgroups: comp.unix.wizards
Subject: Re: Unix userid conventions
Message-ID: <4831@brl-adm.ARPA>
Date: Mon, 9-Mar-87 23:19:53 EST
Article-I.D.: brl-adm.4831
Posted: Mon Mar 9 23:19:53 1987
Date-Received: Tue, 10-Mar-87 07:18:29 EST
Sender: news@brl-adm.ARPA
Lines: 31

BRL UNIX Release #3 and beyond have a variety of improvements to the
security mechanisms of UNIX, especially in LOGIN, where stricter
logging/disconnect policies are implemented, and in PASSWD, where
user-selected passwords must clear dictionary lookups, local dictionary
lookups, and a local administrator "hotlist" which includes passwords
like the ever-popular "susan".

There is no additional security obtained by having gibberish user names.
Not counting the "who" and "ls" commands available to other local users,
the first time each user posts mail and/or netnews, their username is
"out of the bag". Big deal.

For a really cogent discussion of computer security, may I refer you to
Army Regulation 380-380 (available from the Government Printing Orifice) --
it's one of the few well written Government security regulations.
Observe how it spends most of its time discussing physical security,
and personnel screening.

To your IBM folks, just bellow "Egads, it's User Hostile" and beat a
hasty retreat.

	Best,
	 -Mike Muuss

Postal:
	Mike Muuss
	Leader, Advanced Computer Systems Team
	Systems Engineering and Concepts Analysis Division
	U.S. Army Ballistic Research Laboratory
	Attn: SLCBR-SECAD (Muuss)
	APG, MD 21005-5066
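
The three-stage PASSWD screening described in the post above (dictionary, local dictionary, administrator hotlist), sketched as an added example; it is not BRL UNIX code and not from the post's author. The word lists, the function names, and the case-folding and trailing-digit normalisation are assumptions of the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample lists; a real system would load these from files. */
static const char *SYSTEM_DICT[] = { "password", "wizard", "secret", NULL };
static const char *LOCAL_DICT[]  = { "ballistic", "aberdeen", NULL };
static const char *HOTLIST[]     = { "susan", NULL };

enum verdict { PW_OK, PW_IN_DICT, PW_IN_LOCAL_DICT, PW_IN_HOTLIST };

/* Lower-case the candidate and strip trailing digits, so "Susan1" still
 * matches "susan". This normalisation is an assumption of the example. */
static void normalise(const char *in, char *out, size_t outsz)
{
    size_t n = strlen(in);
    if (n >= outsz) n = outsz - 1;
    while (n > 0 && isdigit((unsigned char)in[n - 1])) n--;
    for (size_t i = 0; i < n; i++)
        out[i] = (char)tolower((unsigned char)in[i]);
    out[n] = '\0';
}

/* Exact match against a NULL-terminated word list. */
static int in_list(const char *word, const char **list)
{
    for (; *list; list++)
        if (strcmp(word, *list) == 0) return 1;
    return 0;
}

/* Run the three lookups in the order the post lists them and report
 * which list, if any, rejected the candidate. */
enum verdict screen_password(const char *candidate)
{
    char norm[128];
    normalise(candidate, norm, sizeof norm);
    if (in_list(norm, SYSTEM_DICT)) return PW_IN_DICT;
    if (in_list(norm, LOCAL_DICT))  return PW_IN_LOCAL_DICT;
    if (in_list(norm, HOTLIST))     return PW_IN_HOTLIST;
    return PW_OK;
}

int main(void)
{
    const char *tries[] = { "Susan1", "ABERDEEN", "wizard", "k7#Tq!vb2x" };
    for (size_t i = 0; i < 4; i++)
        printf("%-12s -> %d\n", tries[i], screen_password(tries[i]));
    return 0;
}
```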