>----------
>From: Caldwell, Matt COLASC[SMTP:caldwm @
msgate .
ColumbiaSC .
NCR .
COM]
>Sent: Thursday, January 02, 1997 1:35 PM
>To: Jim Truitt; Paul Ferguson
>Cc: firewalls @
GreatCircle .
COM
>Subject: Security Adminstrators: Web of Trust
>
>[snip]
>>So, what can you do? Log, log, log. And more logging. And get
>>to know the security administrator upstream from you.
>>
>>- paul
>[snip]
>
>This is simple, but excellent advice. Users of PGP are always talking
>about
>a "web of trust". Perhaps what is needed is a web of trust between
>security
>
>Maybe what we need is our own group that promotes trust between each
>other and lets
>us get to gether as professionals. or a web site etc..
This seems rather unlikely to me... I'm an admin, have been an admin for
quite some time, and while I do get to know and trust people, I would
NOT trust my systems to anyone else, nor put my trust in anyone's
systems... Just because you trust someone doesn't mean they're NOT a
dumbass. Trust is (to me anyway) a very very bad word when it comes to
security issues.
Promoting trust is one thing, but personally I think it's best to be as
paranoid as possible, as often as possible.
Getting together and trusting each other can only go so far. I can see
getting to know the people upstream from you, but that doesn't mean that
someone else on that site isn't on the shifty side of things... Paranoia
seems like the best option to me.
>
>admins. Just a thought.
>
>Jim truitt
>
> /~~\/~~\/~~\/~~\/~~\/~~\
>| /\/ /\/ /\/ /\/ /\/ /\ | peg @
v-one .
com
>| \/ /\/ /\/ /\/ /\/ /\/ | www.v-one.com
> \ \/\ \/\ \/\ \/\ \/\ \/
> /\ \/\ \/\ \/\ \/\ \/\ \ Systems Engineer
>| /\/ /\/ /\/ /\/ /\/ /\ | 1803 Research Blvd
>| \/ /\/ /\/ /\/ /\/ /\/ | Rockville, MD 20850
> \__/\__/\__/\__/\__/\__/ (301)838-8900 x 224
|
|
