Readers comment on security
SunWorld Online respondents say the biggest threat is from within
By Mark Cappel
We gave SunWorld Online readers the chance to comment in essay form on their thoughts on security, and many seized that opportunity.
The comments are reproduced as received; only some minor spelling and punctuation errors have been corrected. -- Editors
- Date: Mon Jul 1 06:40:49 PDT 1996
-
Keeping systems *usable* and *secure*. Pick one.
- Date: Mon Jul 1 07:59:46 PDT 1996
-
Getting users to understand the risks is the hardest thing to overcome.
Most think that because they switch THEIR machine off there's no way anyone
can get into their information, few realise the significance of servers,
passwords, or the time their machine is actually switched. Perhaps more
difficult still is convincing the 'dumb users', usually at management
level, that there is a finite limit to the accessibility of a machine, and
the level of security you can enforce. For example, I constantly have to
explain why a non TCP/IP capable machine is completely secure from an
Internet connection...
- Date: Tue Jul 2 04:21:39 PDT 1996
-
Synchronizing the Novell identity base with UNIX/NIS. Whether the average
Internet wanderer can spew packets onto my wires. Wintel Wintel Wintel.
Viruses present a larger threat to PC operations than real intruders.
- Date: Tue Jul 2 05:15:09 PDT 1996
-
Competitors trying to crack us, installing security patches ASAP, keeping
up with sendmail versions. I don't really worry about most race
conditions, because most of the crackers out there just use a little
toolkit and really don't understand the way the holes really work.
- Date: Tue Jul 2 06:10:12 PDT 1996
-
Internet connections.
- Date: Tue Jul 2 06:30:36 PDT 1996
-
Remembering Passwords...(grin)
- Date: Tue Jul 2 06:58:55 PDT 1996
-
Providing customers access to real-time data without compromising our
information system. Privacy of E-mail, orders, proposals and other business
sensitive data sent/received over the net.
- Date: Tue Jul 2 07:55:58 PDT 1996
-
Changing the mindset of staff.... those that use the systems and those
that ok the money to spend on improving the security.
- Date: Tue Jul 2 09:10:29 PDT 1996
-
People trying to use my ftp site for illegal distribution of commercial
software or "warez" on my linux box.
- Date: Tue Jul 2 12:23:43 PDT 1996
-
Upper management doesn't have a clue. They either overreact when the
latest hacker of the week story shows up in the media or they do nothing
because they can't grasp the basic concepts of the internet and how it
works.
- Date: Tue Jul 2 13:43:32 PDT 1996
-
Running X through the firewall and across the net for "direct" product
tests at customer sites. Enabling access to our internal e-mail for mobile
users.
- Date: Tue Jul 2 16:38:56 PDT 1996
-
Insiders trying to gain access as `jokes'; re-writing/customizing ALL
daemons/services/etc.; keeping up w/ CERT Security advisories and the like
- Date: Tue Jul 2 17:44:30 PDT 1996
-
Repeated security patches to SunOS.
- Date: Tue Jul 2 20:57:27 PDT 1996
-
Having reasonably tight security to prevent unauthorized access to
servers, especially client (bank) data, while still allowing free access
to authorized users, including telecommuting. It becomes a real pain to
have to drive to the office just to test how a program you've worked on
for two nights runs on the Cray or SPARCcenter 2000E with client data.
- Date: Wed Jul 3 09:22:36 PDT 1996
-
(Unix-)Operating systems generally have very low profile on security. The
newer the system, the more security has had to say in the overall design of
the system. It is a nightmare to run a SunOS 4 based system today, too
many flaws and too many ready-to-use breaking tools floating around in the
net. Even with all security patches installed, the system can be broken
in less than 10 minutes.
- Date: Fri Jul 5 05:43:53 PDT 1996
-
Management in "lightswitch" mode. The company I reported on above
assigned security issues to the accounting department worldwide. In most
cases, they are unwilling to even release corporate security manuals. If
an error occurs, however... it's somewhat different.
- Date: Fri Jul 5 12:19:19 PDT 1996
-
At my site I am the sys admin and the security person of several "secure"
sys's but must go with the flow as it were with the overall plan. This is
the major issue that I face as the rest of the system is just about
unprotected. While I do have crypto to help secure the sys's that I work
on I know there are too many ways into the general LAN/WAN for me to feel
protected. With all of the "bugs" in any OS all one can do is weave a
patch of fixes and tools to attempt to stop someone from the outside with
or without help from the inside from getting in.
- Date: Fri Jul 5 14:02:53 PDT 1996
-
Maintaining access in a user friendly manner for authorized users while
still maintaining an adequate and appropriate level of security and
confidentiality for our clients.
- Date: Fri Jul 5 22:49:19 PDT 1996
-
Physical security
- Date: Sun Jul 7 07:39:44 PDT 1996
-
Integration of two networks: one of a traditionally very paranoid
organization, one developed with a somewhat more relaxed attitude.
- Date: Sun Jul 7 15:34:03 PDT 1996
-
loss or damage to data base, resulting in extreme time and cost to rebuild
engineering data. please note that even with data backups losses in some
areas might not be discovered for months or maybe years. sincerely,
peterb
- Date: Mon Jul 8 08:12:12 PDT 1996
-
Inadequate time and resources to deal with the problem.
- Date: Mon Jul 8 12:52:54 PDT 1996
-
- Worldwide encryption issues
- acceptable commercial security products
- enterprise-wide deployment
- multi-company wide area network security
- Date: Tue Jul 9 06:59:09 PDT 1996
-
Too much concern with peripheral issues, i.e., credit card transmission,
external exploitation of security holes, etc, and not enough concern with
good basic practices including password selection, securing unattended
workstations, backups, preparing to recover from user error, etc.
- Date: Wed Jul 10 10:08:46 PDT 1996
-
password decoding, file access permissions, packet catching
- Date: Thu Jul 11 17:51:39 PDT 1996
-
Keeping up with the rapid number of changes and amount of security-related
information.... Especially as it is seen as a "side task"
- Date: Fri Jul 12 05:23:22 PDT 1996
-
If someone breaks into our site, I would worry less about the loss of data
and more about the length of time it would take to restore all our
computers after a damaging attack.
- Date: Sun Jul 14 21:34:23 PDT 1996
-
not much on a professional level. we aren't too concerned by outside
attacks in my company. i am concerned about electronic privacy and
authenticity.
- Date: Thu Jul 18 10:29:13 PDT 1996
-
developing a comprehensive security plan acceptable to business units.
- Date: Thu Jul 18 14:55:13 PDT 1996
-
Mainly human problems
- Date: Fri Jul 19 08:53:33 PDT 1996
-
I can't believe that you are asking people the OS and the type of security
measures that they have instituted over the internet!
- Date: Fri Jul 19 09:11:00 PDT 1996
-
LAN in separate building which requires access to main building classified
data.
- Date: Fri Jul 19 16:29:20 PDT 1996
-
void Bitching() { You failed to include Linux among other Unices when
asked what OS one uses in his/her organization. Please do this otherwise
I'll post about it on 5 Linux-mailing lists and in appropriate newsgroups.
I hope you fix the bug in question #15 soon. I do not face too many
issues. If there's a security bug, I fix it immediately because unlike
commercial Unixes, I do not have to pay for updates/upgrades/fixes, and a
word of mouth is a very fast communication method in Linux community. BTW,
there are more Linux machines on the Net than those lame NT boxes. Just
make a search using any search engine for `NT' and `Linux'; you'll get
many more docs where `Linux''s mentioned. }
- Date: Mon Jul 22 13:42:56 PDT 1996
-
We often send software engineers to field sites, where they need access to
our source code repository, but we do not want to give access to the
PPP/SLIP lines, and customer networks connected to the internet. Building
a security system that is flexible enough and secure enough has not been
simple, nor have we really finished the problem. We could be vulnerable to
password snooping over the network, or to port probing tools recognizing
certain services. We are also in the process of building a problem
database front-ended by a web server. We would like to allow access to all
company personnel, including remote sites; this is why we choose to use a
web server for the front end. Secure access to pages on a publicly
accessible web server is a worrisome prospect; this database will
certainly contain information we do not want competitors or customers to
see without restriction. As our distributed computing systems grow, our
security problems grow. Organizations must carefully balance access with
their own security needs. We seem to have struck a fairly good balance for
now, although I could argue for more security in a few areas. Disallowing
services is not truly a solution, users need these services in order to
keep up with their responsibilities.
- Date: Wed Jul 24 13:23:20 PDT 1996
-
Establishing an easy-to-use firewall that only allows connections to my
site from authorized outside sites
- Date: Thu Jul 25 04:03:29 PDT 1996
-
- Invasive client-side data
- Phreaking
- Commercial security
- Date: Mon Jul 29 13:29:02 PDT 1996
-
Outside attacks from other Internet sites, keeping all known security
holes patched, keeping systems monitored.
SunWorld Online is published by Web Publishing Inc., an IDG Communications company, independently of Sun
Microsystems Inc., which is not responsible for its contents. The
opinions expressed in SunWorld Online are those of the
authors or the publisher, WPI/IDG, and do not necessarily reflect the
opinions of its advertisers, or of Sun Microsystems, Inc. or its affiliates.
If you have problems with this magazine, contact
webmaster@sunworld.com
URL: http://www.sunworld.com/swol-08-1996/swol-08-security.comments.html
Last update: 1 August 1996