
Re: ACL



All security policy that is site specific must be in writing.

SAGE and other organizations have published vetted documents on the ethics
of system/s administration.  These documents can be used, and the SAGE
document is an industry standard.

If the standards are not in writing, you do not have standards.

Unwritten security standards do NOT exist.  (Test that in a law court
sometime.)


On Mon, Jul 28, 2008 at 11:25 AM, Broekman, Maarten <
Maarten Broekman fmr com> wrote:

> This is the point I was trying to make.  Sorry if that wasn't clear.  If
> there's no legal reason for the sysadmins to access the particular data,
> then there's no reason for them to object to having SELinux policies in
> place to enforce the written (or unwritten) policy.
>
> SELinux in no way reduces the need to hire trustworthy people.  It
> probably increases the need to do so since you have to hire people you
> can trust to correctly implement the policies.
>
> Maarten Broekman
> Email: maarten broekman fmr com
>
> -----Original Message-----
> From: redhat-list-bounces redhat com
> [mailto:redhat-list-bounces redhat com] On Behalf Of Laszlo BERES
> Sent: Monday, July 28, 2008 11:20 AM
> To: General Red Hat Linux discussion list
> Subject: Re: ACL
>
> hike wrote:
>
> > It is unethical for sysadmins to access this data without a specific reason
> > and approval.
> > If you cannot trust your sysadmins to act in an ethical fashion, YOU have
> > screwed up big-time.
> >
> > YOU hire trustworthy people.
> > YOU train trustworthy people.
>
> Well, you're right, but imagine a world, where your sysadmins _cannot_
> access the data for legal or national security or other reasons. There's
> no place for trustworthiness or 'I swear I won't touch anything', you
> _have_ to restrict the access rights.
>
> --
> Laszlo BERES     RHCE, RHCX
> senior IT engineer, trainer
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request redhat com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
