A way to monitor your files

Blair P. Houghton bph at buengc.BU.EDU
Mon Sep 11 09:04:40 AEST 1989


In article <11022 at smoke.BRL.MIL> gwyn at brl.arpa (Doug Gwyn) writes:
>In article <1142 at virtech.UUCP> cpcahil at virtech.UUCP (Conor P. Cahill) writes:
>>Yes.  I did not intend to say that C2 is the solution to the problem with
>>the superuser, but further levels of security (possibly B1, but more 
>>probably B2) will begin to dispense with the idea of an omnipotent being.
>
>And then the sysadm will merely shut down the system, boot up his
>browser, and examine files on the supposedly secure disk.
>
>Nothing short of an excellent encryption scheme will foil the
>determined snooper in a situation like the one we were discussing.

Then, he said, change the situation.

The error is in trusting "computer security" at all.  Real document
control is what's needed.

All secure data is to remain on removable media and stored in a locked
box.  The person with the key to the box is not the person with the
key to the drive.

The other thing to remember is that almost every security situation has
a single person who has the opportunity to "browse" the documents if
only while walking them from the window to the cabinet, and is probably
authorized to do so in order to check for missing pages, etc.

As long as the superuser is a sufficiently cleared individual, then the
proper security is being maintained no matter what software he can use
to get into the files.  As in a traditional paper system, one has to
place trust in the handlers of the data.

I thought the real problem was in plugging up holes that allow external
communication and unauthorized access, and partitioning the access
among the various groups that need to share the storage systems.
That's what I read this "C2/B1" stuff to mean.

I can't remember which group had that discussion originally.  Was it
here or in comp.misc?  Will uunet have it in an archive, so I don't
have to make much more of a fool of myself by covering old ground?

				--Blair
				  "I hold forth,
				   but I came in with a fifth..."


