Great Circle Associates Firewalls
(January 1997) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: Air Force Web Site Hacked
From: Mark Johnson <mark @ hercules . reno . nv . us>
Date: Wed, 01 Jan 1997 12:24:42 -0800
To: Michael Idengren <midengre @ stetson . edu>
Cc: Norm Laudermilch <norm @ UU . NET>, firewalls @ GreatCircle . COM
References: <Pine . SUN . 3 . 94 . 970101133744 . 17516C-100000 @ tophat> 
Michael Idengren wrote:
> 1.  My comment was partially meant as a joke, it's horribly impractical
> for ISP's and Univerisities and such to require operator intervention
> every time a webpage needs to be updated.  Such a level of paranoia
> *might* only be appropriate for government agencies and authoritative
> advanced research sites.
> 
> 2.  With regards to marking files immutable:  If I really wanted to secure
> a file, I wouldn't do it with software security.  No way no how absolutely
> not - this is the whole point, hardware-level security is the entire point
> behind R/O media.  I myself would only feel comfortable with jumpering the
> hard drive as read-only or mounting a CD-ROM if I ever had to go to such a
> level of paranoia.
> 
> Mike Idengren                    | MEISTER
> ---------------------------------+----------------------------------
> Center for Information Technology| Alachua Free-Net IRC Administrator
> Stetson University               | WorldWide Free-Net IRC Network Coordinator
> 

I agree that CDROM may not be the best R/O media.  A R/O HardDrive or
some other
form of media which has the ability to shut off the Write abilities at
the hardware
level may be a more cost/time effective means.

However, as far as who should be this paranoid thats a whole other
issue.
I work for a Medical Institution, and the laws that govern patient
confidentiality
are a nightmare just to read much lest enforce electronically.  Some
Medical 
Institutions are wanting to put patient info on line for patient
access.  So since
I live in Reno, alot of so called "mega-stars" may visit the hospital. 
How much do
you think tabloids or whoever would pay to get the clinical data.  Just
for verbal
infomation a doctors have been offered $80,000 (Hear say) for info on
one so called
"mega-star" who was admitted to one of the local hospitals.  Same thing
would happen
if a government official was admitted.  This may seem extreme, but
obviosly its 
happening more and more.  

This type of personal info will become more and more available via the
internet.  Law
Offices may have their clients info on the Internet for their clients to
access.  This 
kind of thing becomes quite dangerous for the instutions.
-- 
Mark Johnson
Network Project Manager
St. Mary's Regional Med Ctr
mark @
 hercules .
 reno .
 nv .
 us
References:
Indexed By Date Previous: Re: WWW Gaffiti Immunity (Off Topic)
From: Bertrum Carroll <bc17684 @ 90 . deere . com>
Next: Re: Denial of service (was Re: Air Force Web Site Hacked)
From: Jim Truitt <jtruitt @ pagesz . net>
Indexed By Thread Previous: Re: Air Force Web Site Hacked
From: Michael Idengren <midengre @ stetson . edu>
Next: Re: Air Force Web Site Hacked
From: Chris Lonvick <clonvick @ cisco . com>
Google
 
Search Internet Search www.greatcircle.com