On Sun, 26 Sep 1999, Aviram Jenik wrote:

> So if you don't trust your internal users - DON'T give them accounts. Going
> from regular user to root is trivial and only a matter of time (even if
> you're superadmin).

*Every* computer connected to the net, or with users on it, can be
compromised.

The question is how hard it is. Assuming a decent OS, a decent sysadmin
(keeping himself *very* updated with security alerts (Bugtraq advisories,
etc. ... (I'd say CERT, but CERT hasn't been releasing anything worth
reading for quite some time))), and a good enough setup --- compromising
the security (even from the inside) can be made *much* harder, and the
damage can be confined (assuming you _do_ have other machines on your
network).

> 
> But why give them shell accounts? Give them FTP access if you need file
> transfer. If they INSIST on having shell accounts, set up a special computer
> for them which will be sacrificial.

Take for example a university setting. You need to give students accounts,
and you most certainly don't trust them ..

Ors.

