rfocht...@ync.net (Rick Fochtman) writes: > My two cents' worth: that auditor needs to find a more challenging > shop. He's "nit-picking" on trivia and showing just how paranoid he > really is. Too much time on his hands.
one of the biggest challenges when we started doing the (internal) online telephone book were the plant site security officers. we wanted the softcopy of original source used for printed plantsite telephone books (which were unclassified or internal use only). almost uniformly plant site security officers (and random other individuals) would claim that making the same information available online (internal only systems) would be a security risk (and should require much higher security classification ... like "ibm confidential" or "confidential-restricted"). we eventually were able to convince security officer at one large corporate plantsite ... and then used that location as an argument with all the other plantsite security officers. by '83 or so ... it was all over ... but it was really tough slogging with security officers (and random other security want-a-bees) for a time ... the internal network was larger than the arpanet/internet from just about the beginning until possibly late '85 or early '86 (vast majority were vm370 systems ... even for operations that were primarily mvs development). misc. past posts mentining internal network http://www.garlic.com/~lynn/subnetwork.html#internalnet old post with corporate locations that new/added nodes during 1983: http://www.garlic.com/~lynn/2006k.html#8 one of the big divergence between internal network and internet in the mid-80s ... was the communication group forcing PCs and workstations to be limited to terminal emulation ... while the internet was starting to see big explosion in PCs and workstations as (peer) network nodes. on the other hand ... this item from today Experts complacent about network attacks: Study shows physical attacks to communications network infrastructure deemed low priority risk http://www.sciencedaily.com/releases/2011/07/110728111452.htm early 80s, security study prompting special corporate encrypting modems for home&traveling terminal program identified (physical compromise of) hotel pbx system as major vulnerability. on the other hand ... one of the early installations of the modems was at home for senior executive ... who had EE background. he was testing the contacts with his tongue when the phone rang ... which resulted in directive that all future modems made by the corporation had to have the phone jack contacts recessed far enough that they couldn't be touched by the tongue of babies and senior executives (which frequently makes it difficult to remove phone connection). -- virtualization experience starting Jan1968, online at home since Mar1970 ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
