Leland K. Neely <lkn @
s1 .
gov> writes:
# I heard a story this week. It seemed that one site setup filters to
# permit port>1023 access, excepting X and openwin, and thought they were ok.
# One user decided that he "REALLY" had to have access so he reset telnet
# (or rlogin, I am not sure) to listen to a port equal to his phone
# extention. (eg 4532.) This worked so well, that his buddies all had him do
# the same for them. Now, each machine listened on a different port...
I firmly believe that ANY security mechanism can be compromised with
insider help. The problem described above is a people problem, not a
technical problem. You can't do effective security as an "add-on" at
the border of your site; it requires the explicit or implicit
cooperation (or at least the lack of active opposition) of the folks
you're nominally trying to protect. If you don't have that, it's
hopeless.
-Brent
--
Brent Chapman Great Circle Associates
Brent @
GreatCircle .
COM 1057 West Dana Street
+1 415 962 0841 Mountain View, CA 94041
Follow-Ups:
|
|
