• Subject: Re: Rewarding challenge AS/400...
  • From: email@xxxxxxxxxxxxxxxxxxx (James W Kilgore)
  • Date: Fri, 24 Sep 1999 01:35:42 -0700
  • Organization: Progressive Data Systems, Inc.



Joel Fritz wrote:
> 
> I dunno--people sometimes do funny things when they dislike each other.
> 
OK, I've watched this thread long enough, SOAPBOX(*on)

If you lock the door, they come in through the Window (pun intended <g>)

IMO, 95% of the users are there to get their job done and couldn't give
a squat about technology.  It's the tool handed to them and they
acquiesce to it's use.  Half of them don't even have a PC at home. 
Depending on the pecking order, it drops from there.

I once heard that locks keep honest people honest.  If a thief want's
in, they'll get in. Period.  Most you'll catch, the rest will let you
know where you've left access.

Are users sloppy about security? You bet. Why? They're honest and
naturally expect that from their coworkers.

Security, or should I say cynicism / suspicion, is not in their job
description. This human trait is the weak link in any security plan.

We could all run our systems at level 40/50 and still have breaches that
are beyond any contrived technology.

What one is asked to do is to take "reasonable measures" to "insure"
security.  The debate starts once a breach occurs or an audit questions
if what is in place is "reasonable".

Way back when (the Earth's crust was still cooling) there was a study
done on security breaches.  The target was insurance companies.  Now the
companies were diligent with requiring expirations of passwords and
their computer generated a series of non repeating, non redundent,
random letters/numbers.  Noone could guess them.

The passwords were so hard to remember that the users wrote them down on
a Post-it and slapped it on the face of their CRT.

To break into their system required a pair of binoclars from across the
street.  Read all the passwords you want.  Sniffing packets is for
technogeeks that can't see the forest for the trees. =;-p

Make your plans, dot your I's, cross you T's, cover your b***.  Breaches
happen. Period.

P.S. I'll bet that the janitorial company that cleans your building can
get all the passwords they want.
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].