On Sat, 9 Dec 1995, Joel McNamara wrote:
One system administrator said the problem would have a greater effect on less-secure environments, such as universities and other institutions, than on corporations.
I didn't quite understand the "corporate speak" here. It sounds like something coming from Bosnia or something. It's Greek to me. What would make a University less secure than a corporation?? Universities (at least the ones, I've checked) have entire departments and theoreticians devoted to Computers ... companies usually don't. I'd think that Universities are much, much more secure environments than corporations are. Doesn't Microsoft know this?? Or is this unique to Seattle?? Alice de 'nonymous ... <an455120@anon.penet.fi> ...just another one of those... P.S. This post is in the public domain. C. S. U. M. O. C. L. U. N. E.
According to rumor, anonymous-remailer@shell.portal.com said:
On Sat, 9 Dec 1995, Joel McNamara wrote:
One system administrator said the problem would have a greater effect on less-secure environments, such as universities and other institutions, than on corporations.
I didn't quite understand the "corporate speak" here. It sounds like something coming from Bosnia or something. It's Greek to me.
What would make a University less secure than a corporation??
1) Usually more net connected hosts. 2) Lack of adequate sysadmin attention/knowlege. 3) Vague and poorly enforced site security policies. This is of course a generalization, but corporations seem to have more money and time to throw at security. On the other hand, it's common at Universities to get a new Sun/SGI/whatever, hook it to the net, and run it without spending a lot of time configuring it.
Universities (at least the ones, I've checked) have entire departments and theoreticians devoted to Computers ... companies usually don't.
Just because a University has a CS department doesn't mean that it is more secure. Even if security is an area of study, it doesn't mean that other departments benefit from the research.
I'd think that Universities are much, much more secure environments than corporations are. Doesn't Microsoft know this?? Or is this unique to Seattle??
I don't know what University sites you're referring to, my experience has been that on the average, .edu sites are less secure than .com sites. -- Kevin L. Prigge |"A computer lets you make more mistakes faster UofM Central Computing | than any invention in human history--with the email: klp@umn.edu | possible exceptions of handguns and tequila." 01001001110101100110001| - Mitch Ratcliffe
What would make a University less secure than a corporation??
Ostensibly, universities in the interest of academic freedom and promoting learning usually don't have nearly the same draconian measures that corporations have. They don't have to worry nearly as much about trade secrets being mailed out he front door, or information warfare attacks in which a competitor is attempting to penetrate the system.
Universities (at least the ones, I've checked) have entire departments and theoreticians devoted to Computers ... companies usually don't.
And those theoreticians sit behind their desks and keep scribbling on their pads. There's not much going on the ground with theory. Plus, if you knew anything about theory, a lot of theory has very little immediate practical importance...complexity theory is good to make sure that one-way functions actually do exist, but in progress, there's not much way to implement it. Ben. ____ Ben Samman..............................................samman@cs.yale.edu "If what Proust says is true, that happiness is the absence of fever, then I will never know happiness. For I am possessed by a fever for knowledge, experience, and creation." -Anais Nin PGP Encrypted Mail Welcomed Finger samman@powered.cs.yale.edu for key Anyone want to give a college grad a job? Mail me for a resume.
-----BEGIN PGP SIGNED MESSAGE----- On Fri, 15 Dec 1995, Rev. Ben wrote:
What would make a University less secure than a corporation??
Ostensibly, universities in the interest of academic freedom and promoting learning usually don't have nearly the same draconian measures that corporations have.
More to the point, us poor professional staff don't stand a chance politically against students and faculty. We support whatever they want to use. I think it's more an issue of control. Ford IS can say Thou Shalt Not turn on SAP advertisement, and people will listen (or go away). At major Universities, what we do with troublemakers is, we hire them. But back to the point, the anonymous (cypherpunk relevance) "system administrator" (guess they couldn't find anyone willing to make a fool of himself on the record?) who said that Universities would be hurt more was wrong. We just don't have passwords on Win95 machines, or don't care if they're compromised. It's the people at Ford, Dow, and Sprint, which had wasted man-years putting together "policies" and "user profiles" that have proven to be worse than useless, who are pissed off.
Anyone want to give a college grad a job?
Actually, yes. Low $40's (consider CA cost of living), direct user support, but high level of freedom. You're probably overqualified, though. - -rich -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMNH4PI3DXUbM57SdAQGy0QP/R/KG1cdZDru06vArZdTiO05/RRsg29Lv lrrpoEfoLQmIktsilObBX00J/CQPd667UkfD/s1DYR8nzdsbrbZG9M3iOU5I5r/m aDjdkBfQ1aRCfYNV+eiXen4MuuwXhWt/Hs++9bdfqiWhIIS1E3sRxK8emFIgXzm1 0o72frQsBXw= =4EHv -----END PGP SIGNATURE-----
What would make a University less secure than a corporation??
Ostensibly, universities in the interest of academic freedom and promoting learning usually don't have nearly the same draconian measures that corporations have.
More to the point, us poor professional staff don't stand a chance politically against students and faculty. We support whatever they want to use.
I think it's more an issue of control. Ford IS can say Thou Shalt Not turn on SAP advertisement, and people will listen (or go away). At major Universities, what we do with troublemakers is, we hire them.
I think your impression of the corporate work environment is a bit naive, just as most people in the commercial environment have misimpressions about university environments. In universities, the faculty rules - sort of. The administration also has a great deal of power as is usually wielded by the deans. In corporations there are often several levels of management, each with control and responsibility. Just as a university president has little chance of success in ordering something that is viewed by the faculty as a breach of privacy or heavy handed action, the CEO of most companies is similarly constrained. In fact, it would be rare that either would get involved is this level of decision. If Ford IS said "Thou Shalt Not turn on SAP advertisement" and someone in Ford's engineering department had a requirement for SAP advertisement in order to service a major customer, the IS department would fail (and the person responsible for making the decision might be surprised at how fast the human resources department can act).
But back to the point, the anonymous (cypherpunk relevance) "system administrator" (guess they couldn't find anyone willing to make a fool of himself on the record?) who said that Universities would be hurt more was wrong. We just don't have passwords on Win95 machines, or don't care if they're compromised. It's the people at Ford, Dow, and Sprint, which had wasted man-years putting together "policies" and "user profiles" that have proven to be worse than useless, who are pissed off.
In my experience, it is rarely the case that eaither a university or a business is well protected. Comparing one to the other is probably not very useful. One thing is for certain, however. The vast majority of the professors in computer science don't understand anything of substance about information protection. If you tried to tell them about it, chances are they would rebuff you for your attempt. Furthermore, professors of computer science almost never perform systems administration duties for the university computer center. The computer center is almost always run by professional staff not affiliated with the computer science department. -> See: Info-Sec Heaven at URL http://all.net/ Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
participants (5)
-
anonymous-remailer@shell.portal.com -
fc@all.net -
Kevin L Prigge -
Rev. Ben -
Rich Graves