[brlug-general] [SAGE] The danger of SSH keys..
ray at ops.selu.edu
Mon Jan 22 16:42:01 CST 2007
On Mon, 22 Jan 2007, Dustin Puryear wrote:
> Oh what a tangled web we weave. Communication channels continue to
> become stronger, and yet the end-points still remain just as
Always. Users are always the weakest point.

I'm reminded of a story an IBM consultant told me a while back (pre 9/11).
He was doing a security audit of $large_company after they'd spent a few
million dollars on security for their data center (cameras, gates, card
access, etc). He called the main number, posing as a telco
representative, to learn what building the data center was in. Only took
a few minutes. He hung outside the building about 8am, and snuck in with
a large group during the morning rush. Past the guards and card access
gates. Wandered the building till he saw the long hallway with no
windows. There's the datacenter. He hung out across the hall, and when
he heard someone coming, would walk up to the door. Both arms full of
books and manuals, he attempted to swipe his badge and enter the keycode
while fumbling around and dropping books. The first 2 didn't bite. The
3rd person that saw him said 'here let me get that' and opened the door.
He walked in, banged a few keyboards, and found an open terminal. From
there he emailed the CEO: "11 minutes. I'm in the datacenter".

Ray DeJean http://www.r-a-y.org
Systems Engineer Southeastern Louisiana University
IBM Certified Specialist AIX Administration, AIX Support