Great Circle Associates Firewalls
(August 1994) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: Root accounts ... In reply to 9408240659.a
From: Richard Huddleston <reh @ wam . umd . edu>
Date: Thu, 25 Aug 1994 08:46:35 -0400
To: R.ROSSMAN/ARSC @ cgsmtp . comdt . uscg . mil
Cc: firewalls @ greatcircle . com 
> I don't want others to contact me, I want to contact others.
> The less "Others" able to get through to my net, the less problem I have.
> It isn't a solution for everyone.  But provides a great firewall for those
> that need limited access "out" to the internet.  In a practical sense, the
> firewall is just that.

Right: limited access out and almost no access in isn't a solution for
everyone.  And for those for whom it *is* a solution, there are better
ways to achieve it then then get yet another operating system and another
set of utilities in house, and to require people to work with these tools
--AND CONSTRUCT FIREWALLS OUT OF THEM--when they don't understand them.

This is quite plainly a bad idea.  Too bad for CTOS. 
	
> The original message talked about system admins using root all the time and
> what a bad idea that was.  I agreed and offered my experience with "CTOS" 
> as an example.  No need to FLAME!  

Are you telling us that CTOS admins absolutely do not ever log in using the
volume password?  If they do, they're Joe Root.  And, if they do, then your
experience with CTOS--that there are other ways to admin a system other 
than logging in as root--is equivalent to anyone else's experience with any
other operating system.  We can factor out the operating system--in other
words, there's no justification for making a special case of CTOS--and then
what we're talking about is system administration.  There is a special list
for that: SAGE.  Hint, hint. 
	
> Signing on as root imediately gives the admin damaging access.  I think we
> all agree it is not a good idea to sign on as root for all your work.  In
> CTOS the admin does not sign in and immediatley have that access, nor does
> s/he need that access to do 99% of the work.  When that kind of access is
> needed there is a volume password which can be used.  GOOD Admins protect
> that password with encryption and keep knowledge of it to two people.

Double ditto my point above.

You're misrepresenting CTOS in order to introduce it as a topic that 
represents a special case.  It's an evangelical approach.  I know you
believe you're dealing with the great, unwashed Unix masses here, but
I sent you some e-mail detailing your misrepresentations of CTOS (such
as CTOS is Unisys' flavor of Unix: written either by a deliberate liar
--i.e., a marketing scumball--or a person who is hopelessly clueless
about CTOS *or* Unix at the systems level).  I haven't seen a reply
to that message in my mailbox, or posted to firewalls in general.

Richard
Indexed By Date Previous: Re: Hacker's Site list
From: Herb Peyerl <Herb . Peyerl @ sidney . corp . novatel . ca>
Next: Re: Hacker's Site list
From: "Michael S. Hines" <MSHINES @ freh-02 . adpc . purdue . edu>
Indexed By Thread Previous: subscription
From: "Monaco, Alexis" <amonaco @ bug . com>
Next: help
From: Black Hole Administrator <admin @ worldlinks . com>
Google
 
Search Internet Search www.greatcircle.com