ADSM-L

Re: ADSM data security

1997-06-20 11:37:02
Subject: Re: ADSM data security
From: "Mark J. Cecil" <mjc AT WAYLOO.TCS.TULANE DOT EDU>
Date: Fri, 20 Jun 1997 10:37:02 -0500
> With great concern for offending academia, I'll wade in with this: =
> businesses, with the exception of our friends in government, which may =
> not be considered business anyway, don't seem to have the fear of data =
> security that academia does (or do, I've lost the tense in this fine =
> sentence).  I find that odd.  Of which data are we so concerned?  Eric's =
> comments about physical security are very valid.  I've seen the most =
> elaborate of computer security techniques, but anybody could have walked =
> in a removed the whole damn site!

Systems in academia have the unique position of being used by a whole com-
munity of people (numbering in the thousands) whare are around, ostensibly,
to be stimulated to a high level of curiosity.  This tends to yield at least
a couple of people who are more than a little curious about what can be done/
obtained from your computer system.

Now, this may seem innocuous, as most of the data in the University computer
systems is neither private, nor sensitive.  But think of it as coming home to
find that someone has walked in off the street, and is sitting on your sofa,
doing nothing.  He has not bothered aything, and he has not taken anything,
but he is still there, and he does not belong...  It's not a problem that
your data really goes out in the open, but it's nobody's business, either.

Besides, there is the classic credit card number scheme.  I think you'd be
surprised how many people keep sensitive things such as this around in
accounts, not to mention passwords to other systems, etc.  It would seem to
me that you wouldn't have to retain the "300+ GB of..." stuff that gets
to the server everyday to skim this type of data.  Just read it all, and pull
out the bits you want...

> Your losses due to ineffective backup will probably be much greater than =
> your losses from security issues.

Indeed.  But a little paranoia goes a long way...  It would be nice for
ADSM to use a secure channel for its data transfer.  Then all this discussion
would be moot.  No hassle to use, and no chance of data slurping.


Mark
(who wishes ADSM would go ahead and solidify)


--
============== See me at http://www.Tulane.EDU/~mjc ======================
============== See me at http://www.Tulane.EDU/~mjc ======================
Mark Justin Cecil    |  Tulane University    | mjc AT mailhost.tcs.tulane DOT 
edu
Systems Programmer   |   Computing Services  |     cecil AT eecs.tulane DOT edu
(504) 865-5631 x 2535|    New Orleans, LA    |  http://www.Tulane.edu/~mjc
<Prev in Thread] Current Thread [Next in Thread>