[CLUE-Tech] Sys Admin security and user directory security

Timothy C. Klein teece at silverklein.net
Tue Dec 18 16:49:41 MST 2001


I disagree, a non-Linux/low-tech solution is *not* needed.  This can be
done with Linux, and indeed has been done with Linux.  As I mentioned
earlier in the thread, see SE Linux from the NSA.

Computer users who need the highest of security (Norad, FBI, NSA, etc.)
recognized, a while ago, a fundamental problem with the Unix
system, from a security standpoint:  the root account.  That is
what access control lists and such were created to solve.  If
the computer holds secrets that could get people *killed* if
those secrets are leaked, then it is absolutely unacceptable to
let the root account have access to those secrets.  Thus, the
root account is given all the admin rights needed, but access
control lists will still enforce a strict compartmentalization of
data.  Thus the sysadmin can install binaries, shut down the
system, restart daemons, etc., but he or she can *not* read the
data in the NSA director's home labeled top secret.  This
still requires one person to dole out the ACL power, but it can
be monitored more closely, and only be allowed under certain
difficult-to-achieve circumstances.  And that person will be a high
level official in the company, I assume.  Couple this with strong
encryption, etc., and it can be very hard to bypass, I imagine.

That being said, the average home or business has no use, nor desire,
for this kind of security.  Thus the average Unix system does not have
these features.  The average business person will probably think that
his or her files are much more sensitive than they really are.  If the
CEO wants to keep certain data totally private, it would generally be
more cost-effective to encrypt it, use a good password, and put it on a
locked-up Zip disk.  Deploying a full-blown, trusted system would be
overkill.  If the company deals with huge databases of sensitive
customer financial data, or health care records, then maybe the cost of
a trusted system would be worth it.  In either case, I believe that
Linux could be used as a solution, although I don't know that many
people have chosen to do so.

Tim

* Kevin Cullis (kevincu at orci.com) wrote:
> Adam,
> 
> You bring up some interesting issues.  The reason that I brought it up
> was a few years ago some IRS agents were looking at their neighbors' tax
> returns just for the sake of it, not having a good reason to look at
> them, but did have the access.  That's sort of the issue I'm looking at.
> I guess an issue is not letting root READ the files versus being able to
> access the directory where the file resides.
> 
> Understand, this is not a critical issue, but one of assessing the
> capability and policies which need to be considered to warrant this
> level of security and what would need to be planned now in case it was
> needed.  In addition, there is, ahem, a PHB reason: if you were the CIO
> of a company, would you want everyone in the organization to know your
> salary if the sysadmin could look at the info (barring any public
> disclosure by Federal requirements)? 
> 
> It sounds like a non-Linux/low tech solution would be needed: Zip disks
> like you said and delete all files off of the hard drive.
> 

--
==============================================
== Timothy Klein || teece at silverklein.net   ==
== ---------------------------------------- ==
== "Hello, World" 17 Errors, 31 Warnings... ==
==============================================
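The split Tim describes above, where root keeps its administrative rights but a label-based policy still denies it the director's top-secret data, as an added toy reference monitor (example code written for this page, not from the thread or from SE Linux; the labels, users and file paths are constructed for illustration):

```python
# Added example: a toy reference monitor that separates administrative
# capabilities from data access, modelling the mandatory access control
# idea in the post. Labels, users and paths are constructed, not real.
from dataclasses import dataclass, field

LEVELS = {"unclassified": 0, "secret": 1, "top secret": 2}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other):
        # "No read up": the reader's clearance must be at least the file's
        # level and cover every compartment the file is tagged with.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)


@dataclass
class Subject:
    name: str
    clearance: Label
    admin_caps: set = field(default_factory=set)   # e.g. {"install", "shutdown"}


@dataclass
class Monitor:
    files: dict                                    # path -> Label
    audit: list = field(default_factory=list)      # every decision is logged

    def read(self, who, path):
        ok = who.clearance.dominates(self.files[path])
        self.audit.append((who.name, "read", path, ok))
        return ok

    def admin(self, who, action):
        ok = action in who.admin_caps   # capability check, independent of labels
        self.audit.append((who.name, action, None, ok))
        return ok


def build_demo():
    # root gets the admin capabilities but only an unclassified clearance;
    # the director holds the clearance for the labeled file but no admin caps.
    files = {"/home/director/plan.txt": Label("top secret", frozenset({"ops"})),
             "/etc/motd": Label("unclassified")}
    root = Subject("root", Label("unclassified"), {"install", "shutdown", "restart"})
    director = Subject("director", Label("top secret", frozenset({"ops"})))
    return Monitor(files), root, director
```

The audit list is the "monitored more closely" part of the post: whoever grants clearances can review every read attempt, including the denied ones.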