Subject: Re: Policy questions
To: Jason Thorpe <thorpej@wasabisystems.com>
From: Nathan J. Williams <nathanw@wasabisystems.com>
List: tech-userlevel
Date: 12/30/2003 00:09:18
Jason Thorpe <thorpej@wasabisystems.com> writes:

> On Dec 29, 2003, at 7:04 PM, Nathan J. Williams wrote:
> 
> > I think we should keep the r* commands because people use them and I
> > believe in supplying rope, but I think that anyone who uses them in
> > the belief that some part of their network is "private" and thereby
> > secure is setting themselves up for a nasty surprise.
> 
> It is easy to set up completely private networks, that have no
> connection to an outside world, with no way to connect to that network
> except by having physical access to it.

And it's also easy for the threat perimeter of that network to be
breached, often accidentally, by someone who has a machine to attach
to that network that has previously been attached to the public
network, or who dials up to a corporate network that is less well
secured, or so on. It's easy for the fact that the privacy of the
network is crucial to be forgotten over the years, as staff changes
and collective knowledge decays. The security of such a setup is
terribly fragile.

> Such networks are perfect candidates for the r* commands.

I won't say you can't do that; I'm happy to supply rope. But I will
say that you shouldn't, even if you think it's private and secure.

        - Nathan