Mailing List Logs for ShadowRN

From: Mongoose m0ng005e@*********.com
Subject: Matrix Security Tally
Date: Fri, 2 Jul 1999 10:42:57 -0500
:> > I personally like to think that it is per icon. My reasoning: Decker
:> A gets into a MCT research node. He gets the tally up to trigger a
:> blaster IC. I don't foresee all icons in the node having to deal with
:> the upgraded security and the blaster IC..
:
: On the contrary. Gene Spafford in his "Unix Security" book says that
:security is inversely proportional to convenience. From my experience as
:a systems administrator, I know that when a break-in is detected, the
:*first* thing you do is isolate the machine from the Net: after that, you
:check *everything*. Compared to the entire box going down, all the icons
:in a node having to deal with increased security seems to me positively
:mild.

A Unix sys-admin's security measures don't have the potential of
permanently damaging all the users' equipment, or even the users themselves.
If a decker got in and ran stuff up to a level where Black IC was active, and
that affected ALL persons on the host, a LOT of people could get hurt.
Besides, IC takes a fair bit of computing power to do its job; it probably
would not be effective if it was not selective about who it goes after,
because it would slow the whole system (including the IC) down.
The experiences of "the great crash" and the development of Cyberdecks
literally created new security paradigms. IC is not your grandfather's
firewall.


: The way I see it, Security Tally is a measure of things going wrong on
:the machine/net in question. Odd entries in system logs, odd snmp alerts,
:too much system load, too little system load, processes running which
:shouldn't be, etc. So, as the Security Tally goes up the system becomes
:progressively more suspicious that a decker is in the system.

The way I see it, Security Tally is a measure of how well the system has
succeeded at tracing all those little things gone wrong back to the icon that
did them.


: Let's say I'm an MCT research scientist. If I log into a machine
:with a Security Tally of 12 because Joe Bob the Decker is in it, all I
:will notice is that the system may seem slow or sluggish. I won't notice
:that all my actions are being logged -- but by the same token, I won't
:raise the security tally because I *am* a legit user, and no IC will act
:against me.

Well, there is that. IC need not act against persons who use no
masking, and who are registered users performing approved tasks.

Point is (and this came up LONG ago) you can do it either way, as long
as the GM is reasonably fair about the effects and can figure out how to
apply them consistently.

Mongoose

Disclaimer

These messages were posted a long time ago on a mailing list far, far away. The copyright to their contents probably lies with the original authors of the individual messages, but since they were published in an electronic forum that anyone could subscribe to, and the logs were available to subscribers and most likely non-subscribers as well, it's felt that re-publishing them here is a kind of public service.