Re: And another one just for fun!

From: Lohkee (Lohkee_at_worldnet.att.net)
Date: 09/25/03


Date: Wed, 24 Sep 2003 23:44:32 GMT


"Graham Murray" <newspost@gmurray.org.uk> wrote in message
news:m3oex9vqwc.fsf@home.gmurray.org.uk...
> In uk.comp.security, spamtrap(do not spam)@xivic.prima.de (Wolfgang
> Schelongowski) writes:
>
> > We are into distributed systems now, not mainframes and dumb (compared
> > to PCs) terminals. So some concepts from that area won't work in this
> > context.
>
> True, but that does not counter the phenomenon where 'modern' systems
> are hitting the same (or very similar) problems that mainframe
> programmers encountered and solved many years ago - and often finding
> themselves re-inventing the wheel rather than learning from the
> solutions that the mainframe world came up with more than 20 years
> ago.

I agree. The control objectives that were around twenty years ago (I&A,
DAC/MAC, Accountability and Assurance) are just as relevant today as they
were yesterday, perhaps more so given the widespread use of personal
computers for mission-critical applications. The wide-open-anything-goes
environment promoted by the PC industry was wonderful for growth within the
industry in 1981 but it will never achieve a meaningful degree of security
within the business environment simply because one is the antithesis of the
other. This is not to say that PCs cannot or should not be used, only that
people need to rethink their idea of how a PC should operate with regard to
the business environment. Should a word processor have the ability to imbed
or execute code (thereby giving anyone with access the ability to write
programs) on a corporate network? Should a company be taken seriously with
regard to trusted computing when they routinely imbed games in their
"professional" applications? Should an unidentified individual be allowed to
load and run programs at will on your mission-critical production system
without your knowledge or consent (thinking email here)? Security is easy
from a technological perspective; it is the damned PC mentality fostered by
the industry that prevents it from happening (God forbid we give up the
ability to surf for porn at work).

Lohkee!


