Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!ncar!gatech!kong!emory!stiatl!pda
From: pda@stiatl.UUCP (Paul Anderson)
Newsgroups: news.sysadmin
Subject: Re: Security checkup
Keywords: security intruder self-help
Message-ID: <933@stiatl.UUCP>
Date: 24 Oct 88 15:43:51 GMT
References: <167@carpet.WLK.COM> <1454@lznv.ATT.COM> <1834@ddsw1.MCS.COM> <1325@nmtsun.nmt.edu> <1146@unisec.usi.com>
Reply-To: pda@stiatl.UUCP (Paul Anderson)
Distribution: na
Organization: Sales Technologies Inc., Atlanta, GA
Lines: 35

In article <1146@unisec.usi.com> dpw@unisec.USI.COM (Darryl P. Wagoner) writes:
... about not discussing holes ...
>The problem with this logic (besides being wrong) is that it will keep
>the systems admins in the dark while the crackers pass around the holes
>that they have found in the system.

I second that. I remember my undergrad collegiate underground days- I often
taught our admins at RPI about security. I regularly encouraged attacks on
the mainframe and funny-$ for those who succeeded. And on Monday mornings
I would walk into the Computing Services office and let them know where the
holes were so that they could get plugged. They'd be mad as hell and
indignant, because they felt that security-by-ignorance was valid security.
I was regularly proving them wrong: and giving them a tighter system.

It would have been just as easy not to say anything- and have open access
to anything I wanted. Because nothing would have been said, the Computing
Services dept would have thought their system secure. Ignorance is no
defence.

All effective assaults on security systems are due to holes 'in the system':
operator shortcuts, coding bugs, hardware faults. We are bright people. We
are taught to be innovative and have a never-say-die attitude. SO, what's
gonna stop someone from breaking in? Only the possibility of teaching new
sysadmins to cover as many HW and SW holes as possible.

Funny thing about telecommunications: everything travels fast- even stuff
the government doesn't want us to know... :-)

paul
--
Paul Anderson                   gatech!stiatl!pda
Sales Technologies, Inc         3399 Peachtree Rd, NE
X isn't just an adventure,      Atlanta, GA  (404) 841-4000
X is a way of life...