From: "Anthony Atkielski"
To: "Andrew C. Hornback", "FreeBSD Questions"
Subject: Re: Lockdown of FreeBSD machine directly on Net
Date: Thu, 8 Nov 2001 09:19:55 +0100

Andrew writes:

> > b) Calling the sysadmin and pretending to be his
> > boss and convince him to open a hole.
>
> Most organizations require something like that in
> writing, or at least as part of a face to face
> conversation. That negates this loophole.

I've never encountered an organization that has a policy like that, but my personal policy is along those lines. If any manager wants me to compromise system security, he needs to put it in writing. This not only protects the organization from hanky-panky, but it protects me and the organization from lawsuits (albeit not prosecution, in most cases).

> If a secretary does this, they need to be fired,
> period.

In some organizations (many, in fact), she might be fired for _not_ doing it, as few people understand the risk to security that doing something like this represents, and they would interpret her refusal as a lack of team spirit or cooperation or some such.

> Wouldn't work under a "Trusted" system, you'd
> have to bribe, torture or blackmail three people.

Not outside the realm of possibility, but it is true that collusion between two or more people is _far_ less common (and much less stable) than dishonesty in a single individual.