[Info-vax] Command Procedure Pipe output to a variable
Arne Vajhøj
arne at vajhoej.dk
Tue Sep 7 08:37:54 EDT 2021
On 9/6/2021 9:57 PM, Scott Dorsey wrote:
> =?UTF-8?Q?Arne_Vajh=c3=b8j?= <arne at vajhoej.dk> wrote:
>>
>> There are lots of networks where outsider hackers do not have
>> access.
>>
>> But when you start worrying about insider hackers then it becomes
>> more problematic.
>
> The problem is that, although internal network encryption and data
> compartmentalization can help a little bit against internal attacks,
> in the end it almost always breaks down.
>
> There is really very little that anyone can do about internal attacks
> other than to pay their employees well and treat them with respect.
> Surprisingly, a lot of companies find these two things nearly impossible
> to implement.
It is difficulty to protect against insiders, but I do not see that as
a valid excuse for not adding some measures.
Just imagine the argument "It is difficult to protect against insiders
so we we are OK with all VMS users having SETPRV".
Nobody would buy that.
My biggest concern with the focus on plain text passwords and
non authenticating network protocols is what that focus could
have been used on instead.
If prioritizing between that stuff and let us say application
security and third party software patching, then that stuff is
less important.
The problem is that it is way easier to focus on that stuff.
Arne
More information about the Info-vax
mailing list