kenw@noah.arc.ab.ca (Ken Wallewein) (10/17/90)
> Detecting these may be virtually impossible with a careful hacker. Most
> often you will see the trail of failed access attempts if they roam
> around the system trying to nose into files.

"Most" is kinda hard to quantify or evaluate. So is the relative probability of encountering a "careful hacker".

Security 101: It depends on what level of security you need, and how much you are willing to work and spend to achieve it. Don't forget the indirect and intangible costs, as in the inconvenience to your users. For a given level of security, there will be someone who can bypass those measures. Security is very much like insurance; you calculate your exposure (probability of damage * cost of damage) and [purchase coverage | implement security measures] accordingly.

I know and accept that a sufficiently motivated and funded person could bypass my system security; that same person might find it more practical to bypass our physical security instead. Unless you are a particularly juicy target, all you're likely to encounter are punks. Breakin detection has alerted me of attempted penetrations more than once. Simple security measures that keep out the riff-raff are just what I want.

/kenw
MALRJ@indsvax1.BITNET (10/18/90)
This is too true. At my site, users often go without passwords if they are not installed... but I am in my own group and have my umask set to 077, so... A user shouldn't be entrusted with the security of a site, that is to say more sites need more usage of groups etc. C'est la vie... some sites just aren't secure, and never will be.