On Thu, Dec 02, 2004 at 04:11:43PM -0600, Michael Halcrow wrote:
> When your job is to lock systems down from every angle of attack, all
> the possible vectors make one's head spin. Personally, I have
> developed a new level of paranoia about these sorts of things. And
> securing machines for which attackers have physical access is nothing
> short of a nightmare. The only thing keeping the average CS
> department lab from imploding is the general honesty and
> trustworthiness of the students.

Complete security is absolutely impossible. Really good security is ridiculously expensive. The difficult task is evaluating all the risks/concerns and costs and deciding where to tighten down and where not to. I'm guessing that most of us naturally gravitate towards too little security, simply because it's easier.

While it's probably impractical to do even a measly ten-minute physical check on a computer every time we sit down at it, we should probably be more aware of what could happen (as Michael pointed out) and at least keep an eye out for irregularities.

The original question was about a choice between not using PGP at all or using PGP on an imperfectly secure (but not ridiculously insecure) box. My opinion is that the security benefits from using PGP outweigh the risks. Of course, everyone's security situation is different.

-- 
Andrew McNabb
http://www.mcnabbs.org/andrew/
PGP Fingerprint: 8A17 B57C 6879 1863 DE55 8012 AB4D 6098 8826 6868
--------------------
BYU Unix Users Group
http://uug.byu.edu/

The opinions expressed in this message are the responsibility of their author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG.
___________________________________________________________________
List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
