|
|
On Sun, 14 Oct 2007 20:19:00 -0400, Warp wrote:
> Jim Henderson <nos### [at] nospamcom> wrote:
>> > Optimally only the person who knows the root password has direct
>> > access
>> > to the computer.
>
>> This is certainly true for servers. Unfortunately, we also have these
>> things called "users" who use computers. ;-)
>
> Users should only use the computer remotely. Just give the users a
> dummy "multimedia" PC with no valuable information stored in it and
> which HD can be reset to default each night. (That's what they do at the
> university here.)
We could do terminal server - how about just dumb terminals?
That's not really the reality of how computers are used these days - I
travel occasionally, not having files on my laptop would cripple my
ability to do work. A not insignificant amount of the population works
that way.
> Networked file systems exist for a reason.
Yes, mostly for recovery. If a desktop is compromised, the network
filesystem can also be compromised. It's not as easy, but it's certainly
possible.
Why? Because users do stupid things with passwords. They leave access
cards in their desks, etc, etc, etc.
But even more significantly, social engineering attacks lead to more
compromise of data than any technical hacking does.
I've only been working with data security for about 15 years, with my
first environment being an academic computer lab at a university,
though. ;-)
Jim
Post a reply to this message
|
|