Comprehensive security?

Discussion in 'Computer Security' started by Unknown, Nov 28, 2008.

  1. Unknown

    Unknown Guest

    Hello. I have not posted here before, but it seems like you folks can
    probably give good analysis of computer security problems.
    If I understand things correctly, the following combinations should
    provide good security:

    Firewalls and real-time AV programs are the only defense against
    unsolicited problems?
    Bios password protects against unauthorized access, so long as the
    hard drive is in the same computer as it was when the password was
    installed.
    Whole-drive encryption protects unauthorized access if your drive
    is removed and accessed by a third party as an external data storage
    device.
    Encrypting transmissions across the internet will provide security
    if my transmissions are intercepted.
    Some sort of tunneling (ssl, ssh, ssd, etc.) can be used to secure
    transmissions over the internet.
    An anonymizing service can prevent tracking by a local ISP.

    Are there any other nodes where security can be compromised? How
    can I prevent them from being compromised?
    Obviously, my IP address is necessary in order for any other computer
    to send me the files I am trying to access. Is there any way to make
    my IP address unrecognizable to anyone intercepting a transmission?
    I am not concerned about anyone knowing my RL identity, and things
    like that, I just don't want anyone to know anything I don't explicitly
    put out there.

    I am currently running XP, Comodo firewall, and avast! anti-virus.

    Sincerely,

    DES
    Unknown, Nov 28, 2008
    #1

  2. Unknown

    Unknown Guest

    "Frank Merlott" <> wrote in message
    news:...

    >> Bios password protects against unauthorized access, so long as the
    >> hard drive is in the same computer as it was when the password was
    >> installed.

    >
    > You can reset the BIOS password opening the case and taking out the
    > battery, a child's game. In addition some companies have a master password
    > for the BIOS (i.e backdoor).


    Yes, I had read that. In this group, it seemed that there was at least some
    merit to using it. However, it appears that this is the weak link in
    computer security. Originally I came up with the idea of including password
    protection in the "read" command protocols. If a "read disk" command was
    issued,
    the "read disk" hardware would not implement the "read" before checking
    that it had proper permission to do so. But I have not been able to come
    up with a way of implementing that kind of programming, either hard or
    soft. Further, the password and the protocol would have to be on the
    HD, and encrypted, so that the disk address read would always have to be
    the same, i.e., preprogrammed. This would allow for anyone reading the
    disk as an external device to simply read a given track/sector/etc., get the
    password, and go from there. Even if the disk was encrypted, some disk
    info would be available, and would probably eventually allow for decryption.

    > The obvious thing, if you computer is switched and someone can access it
    > whole disk encryption will not help you, SSH will not help you, nothing
    > will help you, make sure your computer is never switched on when you are
    > not there.


    ... because all of these things operate automatically once you are booted
    up and logged in. Thus my interest in preventing boot-up.

    > Do not install warez (ie cracked software) in your computer, they may
    > contain trojans and once a trojan is in your computer they will do
    > anything they like with it.


    I have seen the term warez, but I have never known what it is. I have
    never had anything to do with it. Thanks for the info.

    DES
    Unknown, Nov 28, 2008
    #2

  3. Unknown

    Unknown Guest

    "Frank Merlott" <> wrote in message
    news:...

    > I would add to that JanusVM or Operator and Truecrypt.


    Question: Is VMware player or VMware server the better choice? What are
    the differences?

    Thanks for all your help.

    DES
    Unknown, Nov 29, 2008
    #3
  4. Unknown

    Kayman Guest

    On Fri, 28 Nov 2008 12:10:21 -0500, Unknown wrote:

    > Hello. I have not posted here before, but it seems like you folks can
    > probably give good analysis of computer security problems.
    > If I understand things correctly, the following combinations should
    > provide good security:
    >
    > Firewalls and real-time AV programs are the only defense against
    > unsolicited problems?
    > Bios password protects against unauthorized access, so long as the
    > hard drive is in the same computer as it was when the password was
    > installed.
    > Whole-drive encryption protects unauthorized access if your drive
    > is removed and accessed by a third party as an external data storage
    > device.
    > Encrypting transmissions across the internet will provide security
    > if my transmissions are intercepted.
    > Some sort of tunneling (ssl, ssh, ssd, etc.) can be used to secure
    > transmissions over the internet.
    > An anonymizing service can prevent tracking by a local ISP.
    >
    > Are there any other nodes where security can be compromised? How
    > can I prevent them from being compromised?
    > Obviously, my IP address is necessary in order for any other computer
    > to send me the files I am trying to access. Is there any way to make
    > my IP address unrecognizable to anyone intercepting a transmission?
    > I am not concerned about anyone knowing my RL identity, and things
    > like that, I just don't want anyone to know anything I don't explicitly
    > put out there.
    >
    > I am currently running XP, Comodo firewall, and avast! anti-virus.


    "*Security is a process not a product*" (Bruce Schneier).

    Educational reading:
    10 Immutable Laws of Security.
    http://technet.microsoft.com/en-us/library/cc722487.aspx

    For WinXP the most dependable defenses are:-
    1. Do not work as Administrator; For day-to-day work routinely use a
    Least-privileged User Account (LUA).
    Applying the Principle of Least Privilege to User Accounts on
    WindowsXP
    http://technet.microsoft.com/en-us/library/bb456992.aspx

    2. Secure (Harden) your operating system.
    http://www.5starsupport.com/tutorial/hardening-windows.htm

    3. Don't expose services to public networks.
    Windows XP Service Pack 3 Service Configurations
    http://www.blackviper.com/WinXP/servicecfg.htm

    4. Keep your operating (OS) system (and all software on it)
    updated/patched.
    How to configure and use Automatic Updates in Windows XP
    http://support.microsoft.com/kb/306525
    http://www.update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us

    4a.Got SP3 yet?
    Why Service Packs are Better Than Patches.
    http://www.microsoft.com/technet/archive/community/columns/security/essays/srvpatch.mspx?mfr=true

    5. Reconsider the usage of IE and OE.
    Utilizing another browser application and e-mail provider can add to
    the overall security of the OS.
    Consider: Opera, FireFox or Seamonkey and PegasusMail, Thunderbird,
    or WLM.

    5a.Secure (Harden) Internet Explorer.
    Internet Explorer7 Desktop Security Guide.
    http://www.microsoft.com/downloads/...DA-6021-468E-A8CF-AF4AFE4C84B2&displaylang=en

    6. Review your installed 3rd party software applications/utilities;
    Remove clutter, *including* all Anti-WhatEver ware and 3rd party
    software personal firewall application (PFW) - the one which
    claims: "It can stop/control malicious outbound traffic".

    7. If on dial-up Internet connection, activate the built-in firewall.
    Windows XP: How to turn on your firewall.
    http://www.microsoft.com/protect/computer/firewall/xp.mspx

    7a.Configure Windows by using:
    Seconfig XP 1.1
    http://seconfig.sytes.net/

    7b.If on high-speed Internet connection use a Router and
    implement Countermeasures against DNSChanger.
    http://extremesecurity.blogspot.com/2008/06/use-default-password-get-hijacked.html

    7c.And (just in case) Wired Equivalent Privacy (WEP) has been
    superseded by Wi-Fi Protected Access (WPA).

    8. Utilize one (1) each 'real-time' anti-virus and anti-spy
    application.
    Consider: Avira AntiVir® PersonalEdition Classic - Free
    and Windows Defender.

    9. Employ back-up application(s).
    Windows XP Backup Made Easy
    http://www.microsoft.com/windowsxp/using/setup/learnmore/bott_03july14.mspx
    Consider: Acronis, Casper or Norton Ghost and ERUNT.

    9a.Utilize vital operating system monitor utilities/applications.
    Consider: Process Explorer, AutoRuns, TCPView, WALLWATCHER, Wireshark,
    Port Reporter etc.

    10.Routinely practice Safe-Hex.
    http://www.claymania.com/safe-hex.html

    The least preferred defenses are:-
    Myriads of popular anti-whatever (*real-time*) applications and staying
    ignorant.

    FYI:
    Avoiding Rootkit Infection.
    "The rules to avoid rootkit infection are for the most part the same as
    avoiding any malware infection however there are some special
    considerations:
    Because rootkits meddle with the operating system itself they *require*
    full Administrator rights to install. Hence infection can be avoided by
    running Windows from an account with *lesser* privileges" (LUA in XP and
    UAC in Vista).

    Good luck :)
    Kayman, Nov 29, 2008
    #4
  5. Unknown

    Unknown Guest

    "Moe Trin" <> wrote in message
    news:...

    > <Snickers> Is all of that crap up to date? I doubt it.
    >
    > Old guy


    Assuming that your post was intended as flame-bait, I will keep this short.

    I don't know how old you are, but I doubt you've been using desk-tops,
    the internet, or newsgroups longer than I have. I've been using computers
    for longer than any of those things have been around, and certainly since
    long before RFC1855 was even a thought. I check for updates daily,
    at least. Most of the suggestions given so far I had already implemented
    (including all but one of the suggestions given in the websites suggested by
    Kayman), but was looking for input from other perspectives, in case I had
    missed something. Yours was particularly un-helpful, but will nevertheless
    be scrutinized for any bit of information I can glean from it (which might
    be more than you think). I've even been reading, but not posting to,
    acs. for some time.

    DES
    Unknown, Nov 29, 2008
    #5
  6. Unknown

    Unknown Guest

    "Moe Trin" <> wrote in message
    news:...
    > On Sat, 29 Nov 2008, in the Usenet newsgroup alt.computer.security, in
    > article
    > <b0650$49318230$4832fca$>, Unknown wrote:
    >
    >>Assuming that your post was intended as flame-bait, I will keep this
    >>short.

    >
    > It wasn't - really simple. Most mal-ware infections are the result of
    > the user doing st00pid things. If you're not aware of that, no
    > anti-mal-ware is going to help. Tunneling and anonymizing sound
    > great. Do you know who is operating the service you are using?
    > Recently, a spammer posted to a number of newsgroups advertising such
    > services... using servers located in Guangdong province. Trivial to
    > discover if you have a clue - most people don't.


    Actually, my only tunneling experience has been with my brief association
    with a news provider other than my ISP. It was configured by that news
    provider (funny, I can't remember which news provider it was -- many
    of them are offering tunneling as an add-on to the basic subscription.)

    >>I don't know how old you are, but I doubt you've been using desk-tops,
    >>the internet, or newsgroups longer than I have.

    >
    > Does a 'bang-path' mean anything to you? Mine was two links beyond Ames.


    No, that doesn't mean anything to me. I was never a computer nerd, geek, or
    anything else like that. Computers have always been a tool to me.

    >>I've been using computers for longer than any of those things have been
    >>around, and certainly since long before RFC1855 was even a thought.

    >
    > RFC1855 was from 1995. Usenet is about 15 years older than that, and
    > computer networks go back years before even that. Do you remember the
    > original 3 MHz Ethernet?


    I remember Ethernet, is there still any of it still around? Couldn't say
    if it was 3MHz or not.

    > It predates the S-100 and Apple I, never mind
    > the Apple ][ or IBM PC. We finally retired our last 3Base5 subnet about
    > fifteen years ago.


    The first small "computer" I had was a TI programmable calculator. Since
    it was able to save a program it counted as a computer, although I didn't
    know that at the time. I briefly had a Commodore 64. My college-level
    work was mostly sciences (I graduated with a BS in Combined Sciences
    in 1980), but along the way I picked up 2-3 years of computer science
    classes as electives. Some of those were basic classes (I've programmed
    in IBM 360 assembler language, Fortran, and a few other relatively low-level
    languages; have even entered hex code into debug for short programs).
    One of those classes was a senior level course in "Microcomputer System
    Architecture", in which I wrote operating systems for the "new" desktop
    computers that had just recently come out. Actually, my first computer
    course was a continuing education class at the local university while I
    was still in high school, about 1970 or 71. I graduated high school in
    1972.

    >>I check for updates daily, at least. Most of the suggestions given
    >>so far I had already implemented (including all but one of the
    >>suggestions given in the websites suggested by Kayman), but was looking
    >>for input from other perspectives, in case I had missed something.

    >
    > and yet you are using Outlook Express on an Internet connection. Why?
    > In another article here, you state that you have Xnews and alternative
    > browsers, so it's not as if LookOut is the only application you've
    > bothered to learn how to use. That application _alone_ has more CERT
    > advisories than anything else.


    I don't really know why. Maybe I'm just comfortable with it. Xnews does
    seem to have more reliable downloads, though. Fewer come through
    uncorrupted.

    As to the "big eight" - one of the things that I liked when I saw this
    group was the more relaxed attitudes that I saw here. It's kinda like
    sitting around a pitcher of beer, with no full glasses, each person in
    turn (or out) exclaiming "No shit, there I was..."! I have my own story....

    BTW, I do "read" the porn groups, my mommy knows it, and just shakes her
    head. Not much she can do about it at my age, and the fact that she doesn't
    live with me. But she loves me anyway! Actually, most of my online
    activity is educational... I have special interests in anaerobic
    digester --> fuel cell technologies, biosystematics, cosmology, history,
    and the history of movies, newspapers, magazines, radio, and television.

    But in fact, I do not limit my browsing in any way. For that reason alone
    I am subject to malicious intrusions from both the bad guys and the
    (supposed) good guys (government) who try to censor what I can look at.
    I suppose the fact that I once emailed Janet Reno threatening to purchase
    a gun (legally) for the first time in my life specifically to protect
    myself from law enforcement agents (of various ilk) doesn't help my
    situation any. I didn't actually threaten to harm anyone, just defend
    myself, but basically it was saying that the government was the bad guy,
    and that doesn't sit well with LE.

    DES
    Unknown, Nov 30, 2008
    #6
  7. Unknown

    Unknown Guest

    "Tim Jackson" <> wrote in message
    news:...

    > Hey is this an old IT guys convention. Can I join in? I did my time on
    > card punches.


    Yeah, even my earliest college-level computer courses used cards...
    no such thing as a micro-/mini- computer back then.

    So, maybe it is an "old IT guys convention". I have never been a
    professional in the field, but many years ago I did a few years
    formal study in the field of computers. Some of my courses
    bordered on mathematical logic, and I actually do have some
    formal work in logic. Courses like "discrete structures" were
    taught as both math and computer science courses. "Data Structures"
    taught things like stacks, queues, linked lists, and the like (are those
    things still used today in "file system" types of software?)

    DES
    Unknown, Nov 30, 2008
    #7
  8. Unknown

    Unknown Guest

    "Moe Trin" <> wrote in message
    news:...

    > It wasn't - really simple. Most mal-ware infections are the result of
    > the user doing st00pid things. If you're not aware of that, no
    > anti-mal-ware is going to help.


    So, let me explain how I see security through software. It has a most
    precise analogy with "safety", as in the workplace, at home, etc.

    For 17 years I worked as an industrial pretreatment sampler. My job was to
    take samples of industrial waste water, do some very basic tests such as
    measuring pH and such, prepare those samples for further lab analysis, and
    clean the equipment. At every stage I was exposed to hazardous chemicals,
    some extremely so. Some of them were common things, like hydrochloric
    acid, sodium hydroxide, etc., but in much higher concentrations than one
    might find in most home or commercial settings. Sometimes I worked with
    99.99% concentrations. HCl could burn through you on contact. There were
    also the unknowns. Since we were testing for what was in the water, it
    goes without saying that we really didn't know for sure what was in the
    water.

    Doing the job was fairly straightforward. We sucked up water into glass
    bottles, poured that sample into multiple other bottles, put acids and
    bases into the bottles in order to "preserve" what we were going to test
    for, and apply caps and labels. Cleaning our equipment was done with HCl,
    strong enough to burn skin on contact. During this whole process, if we
    were very careful, there would be no spills, splashes, overflows, etc. But
    if things didn't go perfectly (and of course, nothing's perfect), there
    were all manner of things that could go wrong, from broken glass flying at
    your head (yes, that actually happened to me) to splashing acid on your
    skin and into your eyes (yes, had both those things happen to me), to
    irritations of the skin, lungs, and digestive tract. Sometimes I took
    samples from down in the sewers. We were always in danger of inhaling and
    swallowing waterborne pathogens. Since we tested hospital waste, we were
    in danger of coming into contact with improperly (and illegally) disposed
    of syringes, needles, and other medical waste (on several occasions this
    happened).

    Because of the dangers, we did our job in isolation, setting up a
    protected area around the work site, to exclude the uninformed from doing
    anything that might be dangerous, simply out of ignorance of the
    situation.

    Throughout all the process there were specified personal protective
    equipment (PPE). They might include simple face masks, like you can get in
    any hardware store; more complex canister-style filter masks; gloves that
    could withstand high water temperatures; latex and other gloves to handle
    medical dangers; sometimes full body suits; goggles, and other safety
    glasses; etc.

    Now, I can get onto the Internet, and use all of the services available,
    and do so with ease. If there are no leaks, spills, overflows, dumps, etc.
    everything is okay. But I would really like my computer to have its own
    PPE. Thus, encryption, tunneling, passwords, etc.

    All these things are the PPE for my computer, and I wouldn't want to do
    anything without them.

    DES
    Unknown, Nov 30, 2008
    #8
  9. (Moe Trin) writes:
    > RFC1855 was from 1995. Usenet is about 15 years older than that, and
    > computer networks go back years before even that. Do you remember the
    > original 3 MHz Ethernet? It predates the S-100 and Apple I, never mind
    > the Apple ][ or IBM PC. We finally retired our last 3Base5 subnet
    > about fifteen years ago.


    the internal network was larger than the arpanet/internet from just
    about the beginning until possibly late '85 or early '86.

    from old reference giving network sizes circa '85

    BITNET 435
    ARPAnet 1155
    CSnet 104 (excluding ARPAnet overlap)
    VNET 1650
    EasyNet 4200
    UUCP 6000
    USENET 1150 (excluding UUCP nodes)

    old announcement for the first gateway between the internal
    network and CSnet:
    http://www.garlic.com/~lynn/98.html#email821022
    in this post
    http://www.garlic.com/~lynn/98.html#0

    ... BITNET (and EARN) was educational network sponsored by the
    corporation using similar technology to that used for the
    internal (VNET) network ... misc. past bitnet/earn posts
    http://www.garlic.com/~lynn/subnetwork.html#bitnet

    misc. past internal network posts
    http://www.garlic.com/~lynn/subnetwork.html#internalnet

    I got blamed for doing computer conferencing on the internal network in
    the late 70s and early 80s ... there then followed some number of
    investigations into this "new" phenomenon. somewhat as a result, a
    researcher was paid for nine months to sit in the back of my office for
    nine months to take notes on how I communicated; they also got copies of
    all my incoming and outgoing email as well as logs of all instant
    messages. In addition to (corporate) research report, the material was
    also used for a Stanford phd thesis in the mid-80s (joint between
    language and AI departments) as well as some number of papers and books.
    misc. past posts mentioning computer mediated communication
    http://www.garlic.com/~lynn/subnetwork.html#cmc

    most of the machines on the internal network ran a virtual machine
    operating system ... originally developed by the science center
    in the mid-60s. In the late 60s and early 70s there saw some number
    of commercial time-sharing service bureaus formed leveraging
    virtual machine operating systems as the base platform ... misc.
    past posts
    http://www.garlic.com/~lynn/submain.html#timeshare

    one such was company called TYMSHARE ... which also developed computer
    conferencing facility on their platform. In the mid-70s, TYMSHARE
    offered "free" use of the computer conferencing facility to the
    vendor customer organization ... website here:
    http://www.share.org/

    and archive of that computer conferencing starting August 1976 is
    archived here:
    http://vm.marist.edu/~vmshare/

    for related ... this post has some pictures of online home setup in the
    late 70s through mid-80s ... which for part of the time, also included a
    compact microfiche viewer (at work had access to microfiche printer)
    http://www.garlic.com/~lynn/2008m.html#51

    this recent post discusses some of the virtual machine platform
    characteristics
    http://www.garlic.com/~lynn/2008q.html#62

    "security" was important issue for the commercial time-sharing service
    bureaus ... but also important to some number of gov. agencies that also
    used the platform (starting in the 60s & 70s)... minor reference here:
    http://www.nsa.gov/selinux/list-archive/0409/8362.cfm

    for the heck of it, my rfc index
    http://www.garlic.com/~lynn/rfcietff.htm

    in the "RFCs listed by" section, clicking on the "Date" field ... brings
    up frame given RFCs by date.

    and for the fun of it, some posts in recent thread from usenet news
    a.f.c:
    http://www.garlic.com/~lynn/2008r.html#3 What if the computers went back to the '70s too?
    http://www.garlic.com/~lynn/2008r.html#5 What if the computers went back to the '70s too?
    http://www.garlic.com/~lynn/2008r.html#6 What if the computers went back to the '70s too?

    other nostalgia some postings related to Interop '88 held in san jose
    http://www.garlic.com/~lynn/subnetwork.html#interop

    this was somewhat leading edge of the federal gov. mandates that
    required eliminating tcp/ip (internet), replacing it with OSI (gosip
    stuff) ... and there were lots of OSI products in the booths that year
    at interop.

    --
    40+yrs virtualization experience (since Jan68), online at home since Mar70
    Anne & Lynn Wheeler, Nov 30, 2008
    #9
  10. Unknown

    Unknown Guest

    "Moe Trin" <> wrote in message
    news:...

    > about 12 years after I started working with computers.


    Ah, so you really ARE an old guy! | : > )

    >>> and yet you are using Outlook Express on an Internet connection.
    >>> Why? In another article here, you state that you have Xnews and
    >>> alternative browsers, so it's not as if LookOut is the only
    >>> application you've bothered to learn how to use.


    Not quite correct. When I first installed those alternatives, I tested them
    with email, news, and web browsing. That required that I learn how to
    use them.

    > Consider learning something else. Nearly _anything_ else is going to
    > be less of a security hole.


    Suggestions, from a security perspective, are welcome. Saying that OE
    is the worst doesn't really say anything about any others.

    >>But in fact, I do not limit my browsing in any way.

    >
    > If you like playing with fire, expect to be burnt now and then, even if
    > you are wearing an asbestos suit.


    Yep, and people who jump out of airplanes know that someday BOTH
    of their chutes might fail. See my other post about working with hazardous
    chemicals. I was injured even though I was using all the required PPE.

    DES
    Unknown, Nov 30, 2008
    #10
  11. Unknown

    nemo_outis Guest

    (Moe Trin) wrote in
    news::

    >>71. I graduated high school in 1972.

    >
    > about 12 years after I started working with computers.


    That edges me out - I first used a computer in 1962 at McGill University.

    Regards,
    nemo_outis, Dec 1, 2008
    #11
  12. (Moe Trin) writes:
    > That's very easy to believe. In 1983, we had about five hundred systems
    > at the facility I was working at (I'm still under a very strict NDA),
    > and we had just three systems that had access to [D]ARPAnet. If you
    > look at the databases from the five RIRs (AfriNic, APNic, ARIN, LACNic
    > and RIPE), by the end of 1983, there were just 1686 network allocations
    > and assignments world wide (I'm sure you recall they were handing them
    > out like water back then), and I think that's actually over-reporting.


    re:
    http://www.garlic.com/~lynn/2008r.html#9 Comprehensive security?

    for other trivia ... the technology for the internal network
    http://www.garlic.com/~lynn/subnetwork.html#internalnet

    also originated at the science center
    http://www.garlic.com/~lynn/subtopic.html#545tech

    ... which (as mentioned) originated virtual machine systems starting in
    mid-60s.

    there was big explosion in number of nodes on the internal network in
    the late 70s and early 80s (which went from 300 nodes in '79 to 1000
    nodes in '83) ... a large number were virtual machine mid-range 43xx
    machines. this period saw big increase in number of mid-range systems
    ... DEC sold a lot of vax machines in this market segment ... old post
    giving decade of vax numbers, sliced&diced by yr, model, US/non-US
    http://www.garlic.com/~lynn/2002f.html#0

    a lot of 43xx machines were installed internally ... but even much
    larger at customers sites (although not necessarily public network
    connected). one of the difference between vax & 43xx ... was quite a few
    customers ordered 43xx machines in lots of tens or even hundreds at a
    time. various old email with 43xx references:
    http://www.garlic.com/~lynn/lhwemail.html#4341

    an example is this old email from marketing rep wanted to bring by
    their (large) customer for a visit ... to talk about 20 4341s ...
    which turned into an order for 210 4341s (by the following fall):
    http://www.garlic.com/~lynn/2001m.html#email790404b

    in this post:
    http://www.garlic.com/~lynn/2001m.html#15

    not long later a customer had a single order for nearly a thousand
    4341 machines.

    another old email with marketing rep wanting help with large cal.
    bank customer with order for sixty 4341s
    http://www.garlic.com/~lynn/2006y.html#email800311b

    in this post
    http://www.garlic.com/~lynn/2006y.html#5

    LLNL was talking about similar kind of order.

    for other drift ... this was reference to slight difficulty in getting
    class A allocation in '88
    http://www.garlic.com/~lynn/2006j.html#email881216

    in this post
    http://www.garlic.com/~lynn/2006j.html#53

    --
    40+yrs virtualization experience (since Jan68), online at home since Mar70
    Anne & Lynn Wheeler, Dec 1, 2008
    #12
  13. (Moe Trin) writes:
    > I'm still amazed at all of the connectivity that was out there so long
    > ago, and how trusting we were. Sure, our sensitive stuff was behind an
    > air-gap, but there was a lot of stuff accessible that would give the
    > auditors heart attacks today.


    re:
    http://www.garlic.com/~lynn/2008r.html#9 Comprehensive security?
    http://www.garlic.com/~lynn/2008r.html#17 Comprehensive security?

    the counter was science center
    http://www.garlic.com/~lynn/subtopic.html#545tech

    with its cp67 virtual machine system ... also provided access to some
    number of students and other non-employees from cambridge area
    institutions of higher learning. this required significant security
    provisions because of various (corporate) secrets resident on the
    system.

    two specific scenarios

    1) the most sensitive of corporate secrets were the detailed information
    about all the corporate customers started on the cambridge
    system. besides other activities, the science center had ported apl\360
    to cp67/cms for cms\apl. As part of doing that moved ... APL workspace
    size was increased from typical 16k-32k bytes (in real memory apl\360)
    to several megabytes (in cms virtual machine). this also required
    redoing apl's storage management to make it more virtual memory
    friendly. in addition, functions that could access system services were
    added (like read/write files). The net was cms\apl could really be used
    for real-world applications. APL had a reputation for use in business
    modeling ... but it took drastically increasing the workspace size and
    supporting system services to open it to real world problems. The
    business planners from corporate hdqtrs in NY started using the system
    remotely ... along with having loaded the most sensitive of corporate
    business secrets.

    2) before 370 was announced (as well as virtual memory support in 370),
    cambridge started a joint development project with the endicott
    manufacturing facility to create a 370 virtual machine ... running on
    360/67 cp67 system. this required a feature option ... and simulating
    all the architecture and instruction differences in 370 (from 360).
    Before announcement of 370 ... all this information was closely guarded
    corporate secret ... but cambridge was regularly running "370s" as
    virtual machines on the cambridge cp67/cms service (and kept "hidden"
    from non-employees)

    note other systems from the era frequently used air-gap for security
    (because it otherwise didn't exist in the system). cp67 had a lot of it
    built into basic infrastructure.

    some of this may have been the area. some number of people that had
    worked on CTSS had come over to the science center on the 4th flr of
    545tech sq. Some number of other people that worked on CTSS went to
    Multics effort on 5th flr of 545tech sq.

    Multics also has some security history ... as referenced in
    this previously mentioned email, air force data services was
    multics installation:
    http://www.garlic.com/~lynn/2001m.html#email790404b

    and a gateway on the internet was dockmaster, mentioned here:
    http://www.multicians.org/site-dockmaster.html

    reference to air force multics vulnerability analysis (from 1974):
    http://csrc.nist.gov/publications/history/karg74.pdf

    and reference to that work ... paper mentioned in this post
    http://www.garlic.com/~lynn/2002l.html#42 Thirty Years Later: Lessons from the Multics Security Evaluation

    --
    40+yrs virtualization experience (since Jan68), online at home since Mar70
    Anne & Lynn Wheeler, Dec 1, 2008
    #13
  14. Unknown

    Unknown Guest

    "Moe Trin" <> wrote in message
    news:...

    > [As a commercial pilot, the idea of jumping out of a perfectly good
    > airplane is rather strange, but that's another thing entirely.]
    >
    > People who jump out of airplanes don't tend to do so at random
    > altitudes from 40 to 45,000 feet using a worn 'chute, nor do they
    > intentionally jump into rough terrain, cities, or other jungles. They
    > tend to be aware that a mistake can have fatal consequences, and thus
    > take reasonable care.


    Things happen. HILO jumps leave a LOT of room for changes in
    the situation. The fact is that sometimes there are deaths, no matter
    how well you prepare. A perfectly good chute and the proper
    jump zone can't control shifts in wind direction, or the fact that landing
    was off by 20 feet and you got wet when you really shouldn't have.
    During Desert Storm, missiles were landing 50 feet from where they
    were supposed to. The layman thought that was pretty good. Those
    of us keeping a closer eye on things realized that that distance was
    likely a result of variations in the speed of Earth's rotation, which
    the GPS on-board those missiles failed to take into consideration.

    When I was in the Air Force, I volunteered into the AF Pararescue
    school. Their job included moving behind enemy lines in order to
    extract downed fliers. That training included jump school, as it
    should have. Sometimes people do jobs where they are expected
    to jump into rough terrain, including jungles. That's what they do.
    With proper training, and the right equipment, it can be done.

    My life has always been one of exploration. Sometimes I go places
    that others wouldn't. That's just me, there is nothing I am unwilling
    to explore. But I want to be able to do so with some hope of coming
    out alive. I'm willing to play the odds, and that means the odds have
    to be in my favor. Whatever I can do to up the odds in my favor
    I'd like to be able to do. Personally, I'd probably want oxygen mask
    if I were jumping from 45,000 feet. When I go into a possibly
    hazardous web site, I want the parachute, or the electronic equivalent.
    Again, with the proper PPE, the proper technique, and experience
    in what you're doing, the great majority of the time you can have a
    smooth experience.

    >
    > Old guy


    Just for the record, today, December 1, I turned 55 years old.

    DES
    Unknown, Dec 2, 2008
    #14