Over-procedurizing as a security risk

From: Whit Blauvelt (whit@transpect.com)
Date: 11/04/01

Date: Sun, 4 Nov 2001 11:31:08 -0500
From: Whit Blauvelt <whit@transpect.com>
To: focus-linux@securityfocus.com
Subject: Over-procedurizing as a security risk
Message-ID: <20011104113108.A1011@free.transpect.com>

On Fri, Nov 02, 2001 at 11:03:34AM -0800, Seth Arnold wrote:

> However, if your question is, "why allow direct root logins from a
> remote workstation rather than requiring all users to go through su or
> sudo?", well, that is a mystery. :)

Well, there's the human factor. The administrator is (sometimes almost)
human, and security is better if the human is checking in early and often.
In my self-experiments, knowing I can get to one of the systems I remotely
administer with "ssh nickname" and being there instantly as root means I end
up going there more often, whereas the extra "su" step is just enough to
dissuade me (on a fairly unconscious level). Is this logical? Maybe not, but
logic is for machines and Vulcans. Is it safe? Well, this is OpenSSH relying
on certificates and firewalls that are strict about what IP I'm connecting
in from.

Security breaches are often a matter of "human engineering," but so is
maintaining security. Short cuts are good if they entice the administrator
to do the job more thoroughly. Standing against them in the name of "good
procedures" is the security model of bureaucracy - which always makes good
logical sense, except there's this strange effect where in the real world,
when logic piles up too thick, silliness sets in, because people so
constrained just don't function as well.
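The post's "ssh nickname" shortcut is safe only because of the controls mentioned in passing: key-based authentication and a strict limit on where root logins may come from. The following script, added here as an example and not part of the original post or of OpenSSH, audits those controls in an sshd_config and a root authorized_keys file. The sample configuration and key entries embedded below are constructed (the key data is fake); the parsing follows documented OpenSSH syntax (first occurrence of a keyword wins in the global section, `from=` options precede the key type).

```python
"""Audit the controls that make direct root ssh logins defensible."""
import re

# Constructed sample sshd_config fragments (not from the post).
SAMPLE_SSHD_CONFIG_STRICT = """
Port 22
PermitRootLogin prohibit-password
PasswordAuthentication no
PubkeyAuthentication yes
"""

SAMPLE_SSHD_CONFIG_WEAK = """
PermitRootLogin yes
PasswordAuthentication yes
"""

# Constructed root authorized_keys: one key pinned to a workstation, one unrestricted.
SAMPLE_AUTHORIZED_KEYS = """
# key restricted to the admin's workstation (fake key data)
from="203.0.113.10" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyDataNotReal admin@workstation
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnotherFakeKeyDataHere laptop
"""

# Key types that mark the start of the key field (no options present).
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-", "sk-")


def parse_sshd_config(text):
    """Return {keyword (lowercased): value} for the global section.

    sshd uses the first occurrence of a keyword; the global section ends at
    the first Match block, whose conditional settings are not evaluated here.
    """
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.lower().startswith("match "):
            break
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        if len(parts) == 2:
            opts.setdefault(parts[0].lower(), parts[1].strip())
    return opts


def _find_unquoted(s, ch):
    """Index of the first ch outside double quotes, or -1."""
    quoted = False
    for i, c in enumerate(s):
        if c == '"':
            quoted = not quoted
        elif c == ch and not quoted:
            return i
    return -1


def _split_unquoted(s, sep):
    """Split s on sep characters that are not inside double quotes."""
    parts, cur, quoted = [], [], False
    for c in s:
        if c == '"':
            quoted = not quoted
            cur.append(c)
        elif c == sep and not quoted:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(c)
    parts.append("".join(cur))
    return [p for p in parts if p]


def parse_authorized_keys(text):
    """Return a list of {options, type, comment} for each key entry."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        options = []
        if not line.startswith(KEY_TYPES):
            i = _find_unquoted(line, " ")
            if i == -1:
                continue  # malformed: options with no key after them
            options = _split_unquoted(line[:i], ",")
            line = line[i + 1:].lstrip()
        fields = line.split(None, 2)
        entries.append({"options": options, "type": fields[0],
                        "comment": fields[2] if len(fields) > 2 else ""})
    return entries


def audit(sshd_text, authorized_keys_text):
    """Return a list of findings; an empty list means the controls are present."""
    findings = []
    cfg = parse_sshd_config(sshd_text)
    prl = cfg.get("permitrootlogin")
    if prl is None:
        findings.append("PermitRootLogin not set explicitly (default varies by OpenSSH version)")
    elif prl not in ("prohibit-password", "without-password", "no"):
        findings.append(f"PermitRootLogin is '{prl}': root may authenticate with a password")
    if cfg.get("passwordauthentication", "yes") != "no":
        findings.append("PasswordAuthentication is not 'no'")
    for e in parse_authorized_keys(authorized_keys_text):
        if not any(o.startswith("from=") for o in e["options"]):
            findings.append(f"key '{e['comment']}' has no from= source restriction")
    return findings


if __name__ == "__main__":
    for name, cfg in (("strict", SAMPLE_SSHD_CONFIG_STRICT), ("weak", SAMPLE_SSHD_CONFIG_WEAK)):
        print(name, audit(cfg, SAMPLE_AUTHORIZED_KEYS))
```

The `from=` check is the one that matters for the post's argument: a firewall rule on the source address and a `from=` option on root's key are independent layers, and the audit flags any root key that lacks the second one. The convenience side, `ssh nickname`, is just a `Host nickname` stanza in `~/.ssh/config` with `HostName`, `User root` and `IdentityFile`; it adds no risk by itself as long as the server-side checks above pass.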
