HP3000-L Archives

September 1998, Week 1

HP3000-L@RAVEN.UTC.EDU

From: Wirt Atmar
Date: Fri, 4 Sep 1998 14:17:06 EDT

Mark Landin writes:

> One tenet of computer security is that you give unauthorized users as
> little information as possible about the system they are trying to
> access.
>
> I guess I don't see having to successfully login before being told
> that the machine can't service your login, or that some other thing is
> unavailable, as being a serious problem. You may disagree, of course.

Actually, I strongly agree. I've always considered giving out any form of
information to a non-authorized user to be a relatively profound breach of
security.

However, I don't want that statement to be taken out of context. To change the
subject just a bit, I've also always believed that once a user proves his or
her worthiness, all security considerations should completely disappear and
the user should be free to do whatever he or she needs to do to be productive.

If there's any trend that I've noticed over the last ten years, it's been the
increasing tendency of data processing managers to put an increasing number of
impediments between valid business users and their capacity to use data on the
HP3000 -- and this is killing their capacity to get their work done.

The people who are the business users are the same people who, 30 years ago,
extracted their data from steel filing cabinets in paper form. Very few of
these people ever set fire to the filing cabinets then and very few of them
want to burn down the system now. And if they do -- that's precisely why you
do backups, a protection that wasn't even readily available 30 years ago.

Ultimately, you have to trust people if any productive work is to be done.

Reasonable security precautions are one thing, irrational fears are another.

A reasonable estimate of true, placing-the-company-at-risk threats to an
HP3000's data probably proceed in an order something like this:

         o  Fire
         o  Unintentional, unobserved damage to a database
         o  Flood
         o  Intentional, malicious damage

with each category being a tenth the probability of the one above it. In every
particular case, the solution is obtained by maintaining good, non-rotating,
off-site backups frequently.

Wirt Atmar
