On Wed, 30 Oct 1996, Bob Beck wrote:
> > >The only way to have accountability is with authentication-dependent
> > >service access. No (secure) password, no service. Think Kerberos, or
> > >something similar.
> >
> > I second that suggestion. Anything less can be trivial to spoof.
>
> Not in this case I don't. Keeping IP or MAC based logs is one
> thing, but I think if your company tells you you need to put in that
> level of secure authentication to go *out* just to keep people from
> getting to playboy.com, I think you should get a new job. Fast.
The point is not that this would actually happen. You take the example to
the extreme when discussing it, so that you have some idea what is out
there.
No one here suggests that your officemates would write a .TSR to reprogram
the MAC address of their ethernet card in order to get someone else
busted, or that the boss demands that this sort of thing be stopped.
Rather, as professionals responsible for security, we are responsible for
understanding the systems that we use, and the limits to those systems.
The point is that Kerberos and other formal authentication models give you
a high degree of accountability for use of network facilities. Other
models do not. If you require accountability for the usage of network
facilities, for legal or ethical or PR or whatever reasons, then you
should not kid yourself that recording the IP number is a serious way to
enforce this accountability. It's not, and people should be aware of this
when making these kinds of decisions.
--
Todd Graham Lewis                    Linux!  Core Engineering
Mindspring Enterprises               tlewis@mindspring.com   (800) 719 4664, x2804