Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!cwjcc!gatech!rutgers!bellcore!texbell!ssbn!bill
From: bill@ssbn.WLK.COM (Bill Kennedy)
Newsgroups: news.sysadmin
Subject: Re: Security checkup
Message-ID: <234@ssbn.WLK.COM>
Date: 31 Oct 88 07:48:48 GMT
References: <167@carpet.WLK.COM> <1454@lznv.ATT.COM> <1834@ddsw1.MCS.COM> <1325@nmtsun.nmt.edu> <1146@unisec.usi.com> <933@stiatl.UUCP> <170@carpet.WLK.COM> <363@mccc.UUCP>
Reply-To: bill@ssbn.WLK.COM (Bill Kennedy)
Distribution: na
Organization: W.L. Kennedy Jr. and Associates, Pipe Creek, TX
Lines: 41

In article <363@mccc.UUCP> pjh@mccc.UUCP (Pete Holsberg) writes:
>In article <170@carpet.WLK.COM> I wrote:
[ I broke the data center window, description deleted ]
>
>Was that window facing the outside world?  Did you have to pay for it?

No, the window faced inside to a courtyard and the building access was
limited to badge carrying employees.  Also no, I didn't have to pay for it.

I fear I may have obscured my own point.  I don't think that there is
anything that can secure a computer site from an accomplished and
determined vandal (I call them renegade programmers).  Further, physical
security is just as important as any other kind.  Some would say it's
more important.

A large part of security (in my opinion) is plain old common sense.
That's why I told the window breaking tale.  Companies like to show off
their frammis-mongo data centers with big windows, etc.  A disgruntled
employee (not yet terminated) or neo-terrorist could mortally wound such
a firm by tossing something through the window as I did (as part of an
*assigned* duty).  Recently the GAO criticized the U.S. Air Force and
Lockheed Missiles & Space Company for poor security at the "Blue Cube"
(a satellite control center).  They said that any terrorist with a hand
grenade could disable it.  That was true as recently as last Thursday as
I drove by it unless there's something new in that big air chute.

I'll not consume much more bandwidth with this but there has been a
meddler messing with the nuucp log in on this system.  Sure, they get
dropped into uucico and have to figure out what to do with that, but it
still makes me nervous (I wish I worked for the phone company and could
ANI the jerk!).  OK, so in a week or less the no password nuucp account
will be history, it would be sooner if I could be sure that all the
legitimate neighbors had their new ID's and passwords.

It's no fun having a complicated log in procedure.  If I had a big fancy
computer it would be no fun putting it in a fortress.  But I'll conclude
with a decent analogy.  Look around at your telephone company offices
that contain switching equipment.  See any windows?  See any frame (wood)
construction?  Nope, they are as physically secure as practical.
-- 
Bill Kennedy  usenet    {killer,att,rutgers,sun!daver,uunet!bigtex}!ssbn!bill
              internet  bill@ssbn.WLK.COM