Robert Allen (email@example.com)
Mon, 06 Apr 87 10:55:12 -0800
>> Encouraging people to find holes and then use them to make the local system
>> programmers work on them is wrong. It is like encouraging people to find out
>> if their neighbors lock their door during the day so they will. Do you really
>> want that or do you want the theives to be caught? I want the theives to be
>> caught and the ability to leave my door open. I don't want to fear my
>> neighborhood or my users.
While this doesn't deal directly with TCP-IP, it is a *very* important
consideration in the Internet in particular, and any network in general.
Often a so-called 'breakin' does not even require that a user maliciously
"try their neighbors doors" to see if they can gain restricted permissions
or access. Often curiosity alone is enough to cause problems. Example 1:
a first-time UNIX user was learning about the file system, and in particular
how to delete files. He was told that he could only delete files owned by
him, and by way of counterexample his mentor typed "rm /etc/passwd".
Surprise, /etc was writeable and the file was gone. Example two: the recent
rlogin breakins at Stanford. Example 3: Obviously if you have hardware
access to the transmission medium you can unintentionally wreak havoc merely
by using someone elses IP address.
I too would like to live in a word where I can leave my "door unlocked".
Unfortunately it doesn't take more than a very few nasty or ignorant persons
to cause problems. Due to the fact that computers have evolved in an
atmosphere of sharing (time sharing, memory sharing, src sharing..)
we have yet to realize the responsibilities and risks of trusting them too
much. I.e., there is a big difference between leaving your door
unlocked but closed, and spreading $20.00 bills on your front lawn.
In the case of J. Hubbards 'wall' to the Net, the problem was not
caused by a malicious person, but by simple curiosity.
At the recent TCP/IP Conference in Monterey CA, some discussion was
given to "network security". From the military standpoint they want
the ability to send data through a network, such that anyone who
captures the data won't be able to read or use it. While this may
be a prerequisite for the military, I don't think that 'normal' users
should expect that their Email be any more secure than their USMail.
The best method of keeping something secure on a network is to physically
seperate it. Or, do what I do, and don't put anything on the system
which you wouldn't read by someone else under the worst case scenario.
Fixing security 'features' is obviously important, and should be pursued.
Catching malicious persons doing damage is also extremely important. But
"catching the theives" is not the answer to a lack of network security.
If your network rolls out a red-carpet to someone then don't be surprised
if you find muddy footprints on it the next morning. I leave you with
two examples quoted from the January 1987 issue of the ACM Software
"The computer security administrator at Roche ... had been
plagued by a hacker who auto-dialed the entire Roche phone
system in sequence. .... They laid a hacker trap on one of
the PC's and traced the call. Once the suspect was found,
it was even harder to get him arrested since he was in
New York, and Roched in New Jersey (which got the FBI involved).
The perp was brought into the police station and had the riot
act read to him... He was not charged -- because there wasn't
a **no-trespassing** sign on the hacker trap identifying the
system as private proberty of Roche."
" "Welcome to the ______ System" ... A Mass. financial firm
that had attempted to prosecute a hacker who had penetrated
their system. The defense lawyer argued that the system had
a greeting that welcomed people to the system, and that was
tantamount to welcoming someone intor your home. The judge
threw out the case, accepting the arguments of the defense.."
This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:38:06 GMT