[Info-vax] Bradley Manning and OpenVMS
JF Mezei
jfmezei.spamnot at vaxination.ca
Mon Dec 9 01:57:22 EST 2013
On 13-12-08 07:43, Simon Clubley wrote:
> Without mandatory access controls, he could have just used his administrator
> privileges to turn them off before copying the files.
On a good OS, turning off logging would be logged. You fire an employee
who turns off logging without a signed letter from the CEO authorizing it.
Also, this is why VMS supports 2 passwords for accounts. You require 2
persons to log in with any privilege that can give you access to
files/devices/privileges you don't have.
But no matter what sort of surface procedures you institute, I am not
sure there is a truly foolproof way to secure a system against all
employees. Eventually there are a few key employees you need to trust.
But if data is encrypted, then the system manager may have access to the
files, but won't really have access to the data (unless he then uses
brute force to decrypt it at home).
If a user with the keys colludes with the system manager, then the latter can
steal the data and the former decrypt it.