[sci.military] Security

pataky@tove.cs.umd.edu (Bill Pataky) (02/15/91)

From: pataky@tove.cs.umd.edu (Bill Pataky)


In article <1991Feb13.223229.8138@cbnews.att.com> optilink!cramer@uunet.UU.NET 
(Clayton Cramer) writes:
>
>One of the janitors hit a big switch downstairs with his mop
>handle while cleaning the floor.  So I decided to take a careful
>look at the badges used by the janitors in SFOF.  Sure enough,
>no picture badges, and a generic mag stripe card to get them
>in every room in the building.  All these security precautions
>could have been easily circumvented by getting a job with the
>janitorial firm (an outside contractor), and just walking in
>the door with a mop.
>
>Does it seem like the people responsible for "security" like
>to play with neat toys?

Well, rather than bash the entire community responsible for physical
and electronic security, I think you probably should focus on the 
site security officer at JPL at that time.  He/she obviously neglected
to identify the weak link in the system and assess the threat from
that link.  I suspect he/she was subsequently relieved of those duties.

On computer security:
The idea of bribing an insider is specifically what Multi-Level Security
systems are designed to limit.  Mandatory access controls combined with
discretionary access controls will limit the amount of damage a particular
individual can do.  


	Bill Pataky	
------------------------------------------------------------------------------
	domain:	pataky@itd.nrl.navy.mil		     voice: 202.404.7110
	path: 	..!uunet!itd.nrl.navy.mil!pataky     fax:   202.404.7942
==============================================================================
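
The combination described in the post above, as an added example that is not part of the original post: a toy reference monitor that grants access only when a mandatory label check and a discretionary ACL both agree, and then lists the paths by which one insider could move data to a lower level. The Bell-LaPadula rules (no read up, no write down) are an assumed model, since the post names none; the users, files and levels are constructed.

```python
# Added illustration: toy reference monitor combining MAC and DAC.
# Assumption: Bell-LaPadula style rules; users, files and levels are constructed.
from dataclasses import dataclass, field

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

@dataclass(frozen=True)
class Subject:
    name: str
    clearance: str

@dataclass
class Obj:
    name: str
    level: str
    acl: dict = field(default_factory=dict)  # DAC: user -> set of "r"/"w"

def mac_allows(subj, obj, mode):
    s, o = LEVELS[subj.clearance], LEVELS[obj.level]
    if mode == "r":
        return s >= o  # no read up
    if mode == "w":
        return s <= o  # no write down
    raise ValueError(f"unknown mode {mode!r}")

def dac_allows(subj, obj, mode):
    return mode in obj.acl.get(subj.name, set())

def check(subj, obj, mode):
    """Grant only when the mandatory and discretionary checks both pass."""
    return mac_allows(subj, obj, mode) and dac_allows(subj, obj, mode)

def downgrade_paths(subj, objects, policy=check):
    """(source, sink) pairs where subj can read source and write a lower sink."""
    return [(src.name, dst.name) for src in objects for dst in objects
            if LEVELS[dst.level] < LEVELS[src.level]
            and policy(subj, src, "r") and policy(subj, dst, "w")]

# Constructed sample data: an insider cleared to SECRET with generous ACLs.
insider = Subject("clerk", "SECRET")
files = [
    Obj("war_plan", "TOP SECRET", {"clerk": {"r"}}),  # owner granted read by mistake
    Obj("ops_report", "SECRET", {"clerk": {"r", "w"}}),
    Obj("press_release", "UNCLASSIFIED", {"clerk": {"r", "w"}}),
    Obj("payroll", "SECRET", {}),  # no ACL entry for clerk
]

if __name__ == "__main__":
    print("DAC only :", downgrade_paths(insider, files, policy=dac_allows))
    print("MAC + DAC:", downgrade_paths(insider, files))
```

With the ACLs alone the constructed insider has three downgrade paths; with the label check added there are none, because anything the subject may read sits at or below its clearance and anything it may write sits at or above it.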

shafer@skipper.dfrf.nasa.gov (Mary Shafer) (02/18/91)

From: Mary Shafer <shafer@skipper.dfrf.nasa.gov>

Bill Pataky (pataky@tove.cs.umd.edu) WRITES:

>In article <1991Feb13.223229.8138@cbnews.att.com> optilink!cramer@uunet.UU.NET
>(Clayton Cramer) writes:

>>One of the janitors hit a big switch downstairs with his mop
>>handle while cleaning the floor.  So I decided to take a careful
>>look at the badges used by the janitors in SFOF.  Sure enough,
>>no picture badges, and a generic mag stripe card to get them
>>in every room in the building.  All these security precautions
>>could have been easily circumvented by getting a job with the
>>janitorial firm (an outside contractor), and just walking in
>>the door with a mop.

>Well, rather than bash the entire community responsible for physical
>and electronic security, I think you probably should focus on the 
>site security officer at JPL at that time.  He/she obviously neglected
>to identify the weak link in the system and assess the threat from
>that link.  I suspect he/she was subsequently relieved of those duties.

In our most recent yearly security briefing someone asked about 
support personnel.

Background investigations are done on _all_ personnel with unescorted
access to NASA buildings.  Janitors, the Xerox repairman, the bottled
water guy, the vending machine guy, ....  They all have picture badges.

Even the FBI can't guarantee the trustworthiness of their own agents,
but it's not for lack of trying.

--
Mary Shafer  shafer@skipper.dfrf.nasa.gov  ames!skipper.dfrf.nasa.gov!shafer
           NASA Ames Dryden Flight Research Facility, Edwards, CA
                     Of course I don't speak for NASA
 "A MiG at your six is better than no MiG at all"--Unknown US fighter pilot