High ranking lusers

From: Anonymous (remailerat_private)
Date: Wed Apr 15 1998 - 20:15:16 PDT

  • Next message: Martin W Freiss: "Re: how to do intrusion detection right"

    Bennett Todd writes a nice description of what you can't always do.
    
    > The most tricky and delicate part of security administration is getting
    > the users to support the policy. The first part of dealing with this
    > comes as you're formulating the policy, but the ongoing work comes in
    > selling it. Typically a user comes and says they want to do something,
    > and they can't, please fix it. What they want to do (e.g. view a web
    > page with applets) is prohibited by the policy. So you explain to them
    > why the policy is as it is, what the cost to the organization would be
    > of relaxing the policy. You try to find an alternative way to meet their
    > needs. And you pitch your explanation of why they can't do what they
    > asked in such a fashion that they know who they'll have to approach, and
    > what argument they'll have to overcome, to get the policy changed to
    > suit them.
    > 
    > Do this right and the user community comes to really actively support
    > the security policy; then you can start doing your job _right_.
    
    
    true, recent and sad
    
    
    Little Boss:  The Big Boss wants a shell script to be setuid root.
    
    Me:  Why ? [Thinks: Gotta get an alternative to that!
                He's probably only just heard of setuid bits.]
    
    LB: He wants his scripts to use ftp, and ftp can only be run by root,
               (because security dept believe in client-side access control)
        and he already has a shell script wrapper to call ftp for some reason,
        so now he wants it to be setuid root.
    
    Me: There are loads of problems with setuid scripts.
        [Any introductory book says so.  How can I be diplomatic about this?
         So is the boss happier to keep the letter of the S.D. law, while
         breaking the spirit?  Can we get this user added as 'can also ftp'?
         Why don't they leave things alone until they have time to install
         a good transfer program with OTP or better?]
    
    
    LB: He wants it soon, and he's going to call it 'secure_ftp'.
    
    Me: <silence>  [What excuse would Dilbert invent?]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:55:04 PDT