Xref: utzoo news.groups:6204 news.sysadmin:1479
Path: utzoo!attcan!uunet!husc6!bloom-beacon!bu-cs!mirror!rayssd!raybed2!cvbnet2!robbie!pcolby
From: pcolby@robbie.prime.com (Peter Colby)
Newsgroups: news.groups,news.sysadmin
Subject: Re: Proposal for comp.security/alt.security
Message-ID: <356@cvbnet2.UUCP>
Date: 10 Nov 88 16:56:38 GMT
References: <2347@isis.UUCP> <22460@tis.llnl.gov> <1147@unisec.usi.com> <329@sulaco.UUCP> <1061@motmpl.UUCP> <33589@zardoz.UUCP>
Sender: postnews@cvbnet2.UUCP
Reply-To: pcolby@robbie.UUCP (Peter Colby)
Distribution: na
Organization: Computervision - a division of Prime Computer
Lines: 52

In article <33589@zardoz.UUCP> neil@zardoz.UUCP (Neil Gorsuch) writes:
>
> [much explanation regarding the social & professional qualifications
>  needed for inclusion on either the "zardoz" or the "isis" security lists]
>
>To join the zardoz list, just send mail to:
>sec-request@cpd.com	or	!uunet!ccicpg!zardoz!sec-request
>from root or one of the email contact accounts listed in the maps for
>your site.  Postings should go to security@cpd.com or !zardoz!security.
>
Once again, some of us poor SA's are being discriminated against. I am the
administrator for a small (10 to 30 machines depending upon responsibilities)
LAN in a major computer company. I receive mail on our gateway to one of the
major company networks (250+ machines) which in turn is connected to yet other
company networks with an unknown (to me) number of machines. Thus, I would not
be suprised if there were 500 machines networked together with several layers
of LANs (and associated gateways). Suffice it to say that there are a limited
number of published gateways to the outside world (3 published in the various
d.* and u.* maps and the main company gateway/domain registered with SRL/NIC).

Now it should be obvious that:
	#1) There is no way in h**l that all (or even close to most) of our systems
		can be published outside the company.
	#2) There is no way in h**l that the main gateway administrators can be
		responsible for even most of the smaller LANS in the tree - let alone
		take responsibility for security on the 500+ local machines.
	#3) There is every reason in the world that any local LAN or system
		administrator should be interested in the security of the system(s)
		they administrate.

I certainly care about security, I would like at least the systems I
administrate to be as secure as possible, my work and family responsibilities
(I am not a full time system administrator - even in my professional life)
preclude any kind of formal (or even extensive informal) study of security.
The mentioned mailing lists would be my best source of the information I need
to do the administration part of my job properly. BUT, by several levels, I do
not even qualify for the zardoz list, let alone the isis list.
(Yes, I will send my request to the mentioned address - from root on my gateway
machine, but...)

Aside from all else, I should comment that I feel strongly that secrecy (of
information) will eventually lead to the destruction of all that makes life
in this world truely worth living. If you don't know about it how can you
even reason about its possible consequences or directions, let alone fight it
or even steer it into more appropriate channels.

SECRECY CAN ONLY BE USED FOR REPRESSION/OPPRESSION!

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
UUCP: {sun,decvax,linus}!cvbnet!pcolby ||| "We has met the enemy and he is us."
UUCP: pcolby@robbie.prime.com          |||                           Pogo
CSNET: pcolby@robbie.prime.com         |||