From owner-freebsd-security  Mon Jan  8  7: 3:12 2001
Delivered-To: freebsd-security@freebsd.org
Received: from calliope.cs.brandeis.edu (calliope.cs.brandeis.edu [129.64.3.189])
	by hub.freebsd.org (Postfix) with ESMTP
	id A07C037B400; Mon,  8 Jan 2001 07:02:07 -0800 (PST)
Received: from localhost (meshko@localhost)
	by calliope.cs.brandeis.edu (8.9.3/8.9.3) with ESMTP id KAA03614;
	Mon, 8 Jan 2001 10:01:54 -0500
Date: Mon, 8 Jan 2001 10:01:54 -0500 (EST)
From: Mikhail Kruk <meshko@cs.brandeis.edu>
To: Darren Henderson <darren@nighttide.net>
Cc: Artem Koutchine <matrix@ipform.ru>, <security@FreeBSD.ORG>,
	<questions@FreeBSD.ORG>
Subject: Re: Antisniffer measures (digest of posts)
In-Reply-To: <Pine.BSF.4.30.0101052152560.32188-100000@localhost>
Message-ID: <Pine.LNX.4.30.0101080958110.3605-100000@calliope.cs.brandeis.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> > So, as I see we two possible solutions and one probable soultion:
>
> You missed one. If these machines are on your lan/wan then the users are
> somehow beholding to you. While not a technical solution, you should not
> over look a strong, easily understandable, clearly exposed, widely and
> repeatedly disseminated security policy paired with swift and decisive
> administrative consequences for breaching that policy.

agree. Make it the policy that the first one caught doing something
illegal pays for the switches. That should do it. ;)
But another 'social' aspect to it no one mentioned so far is that most
probably people would hack system at their work only if they are not
satisfied with the administrators. Try to be nice to people, do not assume
they all want to screw up the system and give them some privliges --
that will make hacking unnecessary for them.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message