Great Circle Associates Firewalls
(May 1995) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Trust, employees, firewalls (Was Re: Would you trust a virtual)
From: sedayao @ argus . intel . com (Jeffrey C. Sedayao)
Date: Wed, 31 May 95 14:58:16 PDT
To: samman @ CS . YALE . EDU (Ben)
Cc: paul @ hawksbill . sprintmrn . com, mak @ mak . is . ge . com, firewalls @ greatcircle . com
In-reply-to: <Pine . SUN . 3 . 91 . 950531131640 . 664D-100000 @ jaguar . zoo . cs . yale . edu> from "Ben" at May 31, 95 01:17:32 pm 
> On Wed, 31 May 1995, Paul Ferguson wrote:
 
> > > we have customers/auditors who require us not to trust our employees. 
> > > If this is the case, why would we trust the carrier.  

> > Why not just disconnect yourself from The Net altogether?  ;-)
 
> Indeed--if you can't trust your employees, then how can you have 
> security?  That is, if you can't trust your employees(i.e. the other 
> sysadmin even) to keep their password confidential, then you can't 
> operate--there has to be SOME level of trust somewhere.
 
There must be trust somewhere, but this brings up a point that Marcus
Ranum makes - you have to know what you are protecting and who you are
protecting against.  If you are protecting a $50,000 secret against 
competitors, firewalls and encryption that protect against an attack 
costing $50,000 do no good if you can bribe an employee for $25,000 for
the secret.  

> Ben.

-- 
Jeff Sedayao
Intel Corporation
sedayao @
 argus .
 intel .
 com
References:
Indexed By Date Previous: Questions regarding TCPD & SMRSH
From: Scott Surguine <surguine @ csn . net>
Next: Re: ACE SecureID Flaw (SunOS 4.1.x)
From: sdi @ shore . net (Rich Orpen/SDI)
Indexed By Thread Previous: Re: Would you trust a virtual
From: Mohamad A Khatoun <mak @ mak . is . ge . com>
Next: Re: Would you trust a virtual
From: paul @ hawksbill . sprintmrn . com (Paul Ferguson)
Google
 
Search Internet Search www.greatcircle.com