Re: privacy on Unix-servers

From: Casey Schaufler (casey@sgi.com)
Date: 01/27/03


From: Casey Schaufler <casey@sgi.com>
Date: Mon, 27 Jan 2003 09:47:44 -0800

Eirik Seim wrote:

> Having an expert at hand, is Trusted Irix much different than regular Irix
> from a sysadmin point of view? In day-to-day administration?

You don't get GUIs (yet, we're working on that). There are
Mandatory Access Control (MAC) label definitions and clearances
to deal with. The big issue is remote host specification,
because you have to decide what MAC information to associate
with non-Trix machines. This isn't hard, but you have to spend
a good amount of time explaining to people why they can't
log in as a SECRET user from an UNCLASS host. There's no
Superuser, but it doesn't usually take an admin long to learn
which facilities address that issue.

The biggest problem we see is with sysadmins who just
want to figure out how to "get around this MAC stuff"
and try to do everything the way they're used to. It is
different, but once the change is accepted, it's not
that different.

-- 
Casey Schaufler				Manager, Trust Technology, SGI
casey@sgi.com				voice: 650.933.1634
casey_p@pager.sgi.com			Pager: 877.557.3184