Security mailing list, anyone?

John Chambers jc at cdx39.UUCP
Tue Dec 16 08:22:59 AEST 1986 

Well, I've gotten lots of letters recently in response to
my complaints about how hard it is to learn the good stuff
about how insecure this system is.  It seems that lots of
people out there are interested in ways of making/breaking
their systems.  

So far, I haven't gotten any hot leads for the mythical
unix-security mailing list (or newsgroup or whatever), so
I guess I'll have to take it upon myself...

If you would like to partake in a discussion of ways of
defending your system from attack, send me an interesting
security-related letter, and I'll set up a mailing list.
[This is, of course, a thinly-disguised attempt to get
all of you to tell me what you know about security.]

There was an interesting posting recently in the other
direction, from a person who said that none of his users
had passwords, and they never had any problems.  This is
certainly another approach, and it might be interesting 
to see a discussion of the topic.  After all, any sort
of security that I've ever seen was rather intrusive,
and functioned primarily to interfere with legitimate
use of the system.  If you want a convenient, productive
environment, you probably want to minimize security.  Or
do you?  Can anyone suggest a way of making a computer
system reasonably secure from malicious intrusion, while
interfering minimally with its legit users?

BTW, I personally consider "idiot-proofing" to be a facet
of security.  I'd be interested in system designs that
somehow let me say "rm -r *" when I really mean it, but
interfere when I don't mean it.  Or, expressed differently,
is there a syntax that would make such things easy to type
intentionally, but hard to type accidentally?

Such a syntax could be of interest to high-security people.
A system that audits such commands could do a lot of quite
unobtrusive checking and fingering of guilty parties.  One
useful security approach, after all, is to pretend to be
open and inviting, while eliciting sufficient information
that you can successfully prosecute intruders later.  Such
systems have been termed "hacker traps".  A shell that 
pretended to accept series of commands like:
	cd /
	rm -r * &
	exit
while not actually doing them could be a good hacker trap.

[I hope I'm not too badly inundated by replies.  If I am,
I may have to farm the job out to some of you.  Also, this
machine and/or I may go away in a few weeks, and I don't 
know yet where I may be working next, so be prepared for 
a fast reorganization of any mailing list.]

-- 
	John M Chambers			Phone: 617/364-2000x7304
Email: ...{adelie,bu-cs,harvax,inmet,mcsbos,mit-eddie,mot[bos]}!cdx39!{jc,news,root,usenet,uucp}
Smail: Codex Corporation; Mailstop C1-30; 20 Cabot Blvd; Mansfield MA 02048-1193
Clever-Saying: For job offers, call (617)484-6393 evenings and weekends.

More information about the Comp.unix.questions mailing list