Path: utzoo!attcan!uunet!seismo!sundc!pitstop!sun!decwrl!labrea!rutgers!mailrus!eecae!cps3xx!rang
From: rang@cpsin3.cps.msu.edu (Anton Rang)
Newsgroups: news.sysadmin
Subject: Re: Possible Fines (really system administration problems)
Message-ID: <1035@cps3xx.UUCP>
Date: 9 Nov 88 19:21:00 GMT
References: <456@l5comp.UUCP> <12081@dscatl.UUCP> <16600@agate.BERKELEY.EDU> <1988Nov9.033444.20788@tmsoft.uucp>
Sender: usenet@cps3xx.UUCP
Reply-To: rang@cpswh.cps.msu.edu (Anton Rang)
Followup-To: news.sysadmin
Distribution: na
Organization: Michigan State University, Computer Science Dept.
Lines: 24
In-reply-to: mason@tmsoft.ogc.edu's message of 9 Nov 88 03:34:44 GMT

In article <1988Nov9.033444.20788@tmsoft.uucp>, mason@tmsoft.UUCP (Dave Mason)
writes:
>There are either:
>a) a lot of sysadmins out there who don't think there's much point in taking
>REASONABLE security precautions, like making sure that trusted programs like
>mailers don't have wide-open DEBUG modes installed on production machines
>-or-
>b) a lot of sysadmins who's bosses don't think there's much point ....
>and therefore have the sysadmins spend time & effort elsewhere.
>-plus, of course-
>c) sysadmins who haven't had the time/training to realize there are security
>holes that need plugging.

  You could also add:

d) Sysadmins who don't have source code for their vendor-supplied programs.

e) Sysadmins who have fixed the obvious holes, but don't have time to fix
   the hundreds of not-so-obvious ones.

+---------------------------+------------------------+----------------------+
| Anton Rang (grad student) | "UNIX: Just Say No!"   | "Do worry...be SAD!" |
| Michigan State University | rang@cpswh.cps.msu.edu |                      |
+---------------------------+------------------------+----------------------+