- Newsgroups: comp.security.misc
- Path: sparky!uunet!zaphod.mps.ohio-state.edu!cs.utexas.edu!sdd.hp.com!ux1.cso.uiuc.edu!news.cso.uiuc.edu!jsue
- From: jsue@ncsa.uiuc.edu (Jeffrey L. Sue)
- Subject: Re: Security vs usefulness (was Re: reasons for disable fingerd)
- References: <1fvngjINN297@iraul1.ira.uka.de> <WCS.92Dec13203554@rainier.ATT.COM> <1ghs93INNl04@iraul1.ira.uka.de>
- Message-ID: <1992Dec14.173636.10834@ncsa.uiuc.edu>
- Originator: jsue@pluto.ncsa.uiuc.edu
- Sender: usenet@news.cso.uiuc.edu (Net Noise owner)
- Organization: The Dow Chemical Company
- Date: Mon, 14 Dec 1992 17:36:36 GMT
- Lines: 65
-
- In article <1ghs93INNl04@iraul1.ira.uka.de> s_titz@ira.uka.de (Olaf Titz) writes:
- >In article <WCS.92Dec13203554@rainier.ATT.COM> wcs@anchor.ho.att.com (Bill Stewart +1-908-949-0705) writes:
- >>
- >>The main job of security is to say "NO".
- >>The main job of Unix is to say "Yes".
- >
- >O.K., you agree on this point: The main job of Unix is to get the
- >user's work done.
- >The main job of security is to stop the user from getting his work
- >done.
-
- Sorry, but I have to interject something in here. I think it's false
- to say that "the job of security is to prevent work from being done."
- It is also false to say "The main job of security is to say "NO"."
- These two statements oversimplify the situation. IMHO, the "job of
- security" is to allow the users to get their work done, and to protect
- the value of that work by preventing its unwanted destruction and/or
- theft.
-
- As a system administrator I can definitely say that I have much more
- important and interesting things to do than to audit security reports
- and watch people's keystrokes.
-
- >
- >Simply that Unix doesn't have more bugs than other OSs does in no way
- >invalidate the statement that it doesn't have as many *features* to
- >stop legitimate use. Take VMS, for example. Maybe there are fewer bugs
- >in it. (Yes, it has bugs, too.) But definitely there are features in
- >it that serve nobody but paranoid system admins who want to control
- >every key any user may press, at the expense of memory and CPU time
- >that otherwise could serve the user. Now tell me what is better ;-)
- >
-
- Your first statement defines the situation very well when you talk about
- "legitimate use." I know that there are probably some overzealous sys
- admins out there who wish to control everything on the system, but the
- real main concern that security addresses is legitimate use. Anyone who
- wants to spend all their time controlling access to everything will live
- in a small shell of a world for a long time, and most likely never have
- a chance at learning more interesting and enriching things. There are just
- too many things going on at any particular point in time to justify the
- effort required to control it all.
-
- NOTE: Unix is no better in this respect. The security methods employed
- depend on your specific sys admin's level of paranoia - even a Unix
- system can be hell if the sys admin decides to control it too much.
-
- Remember the early days of VMS, where mostly researchers used the
- systems and there were no "mission critical" systems? If Unix were to
- grow in acceptance to the same level, you can bet the security would
- become much tighter and the system would become less usable.
-
- We purchase computer systems to do a job (or more than one job).
- Essentially we expect that in the performance of that job there will
- be some valuable results. Proper security must balance between
- protecting those valuable assets (results), yet still allow the
- end-users to be productive.
-
- Unix does not have (nor does any other operating system) any kind of
- monopoly on "usefulness" when managed correctly.
-
- --
- -----
- Jeff Sue
- - All opinions are mine - (and you can't have any, nya nya nya)
-