[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

More on Security

    There are many people here who are just too network-unsophisticated to
    understand all the implications of being on the INTERNET.

    The *only* thing that will satisfy them, it seems, is a "standard" login
    prompt that allows only authorized users access to the machine. They
    find the idea of locking up the keyboard somewhat silly.

Then they must not only be network-unsophisticated but also very naive
about computer system security.  The folks who really care about
security at a place like Los Alamos National Lab, for example, routinely
lock up their consoles in secure offices when not in use, and they have
lockboxes and secure conduits on every cable between those offices and
their computer rooms.  

Any strictly password-based scheme is extremely suspect, because there
are many ways of discovering passwords (or other non-physical keys) if
one tries hard enough.  The only way to prevent access by unauthorized
users is to not only make it difficult to get into a system once you're
at the console, but also to make it physically difficult to access the
console in the first place.  Physical access alarms are also quite easy
to implement compared with computer access alarms, because an
unauthorized computer user who has the right information can easily
masquerade as an authorized user.

Any security scheme can be broken, regardless of how sophisticated or
strong it might be.  The trick is to have multi-layered physical and
computer-based security so that unauthorized access becomes cumbersome
and slow enough as to be both unprofitable and readily detectable.

A more direct response to your original question: I doubt that it is
possible to implement a non-physical security scheme which adequately
prevents access through a Symbolics console, simply because of the
nature of lispms.  If your people will be satisfied with a "login prompt
that allows only authorized users access to the machine" (or, more
precisely, if they assume that such a thing is possible), it is only
because they are unfamiliar with lispm software environments.