Re: Security Admin package for multi level security

[John Hall <jhall@xxxxxxxxxxx>]

One thing you guys are missing about the security issue is that all
devices must be controlled under it also.

Every terminal/tape drive/printer/fax/whatever must also be classified
as to its security clearance.

This security is in addition to any other security that is in place.

If a printer is not "top secret" cleared then you cannot print a top
secret document to it even if you have the clearance.  And you cannot
display it on a terminal that does not have the proper clearance.

About all  OS400 can do is limit security officer signon to specific
devices.

John Hall 

"V. Leveque" wrote:
> 
> Very good!
> 
> I lumped this under "discretionary access control" which as you pointed out
> the 400 does well.
> 
> To look at "Top Secret -- Crypto" classified data, a "Top Secret -- Nukes"
> clearance  will not do.
> 
>   The security officer is always an issue, which is why this person must be
> trusted.  Less of an issue with AS/400, as many functions which require
> "root" on UNIX can be done with a more granular special authority on the
> AS/400.  You don't have to give away the whole machine just because a help
> desk person may need to reset passwords once in a while.
> 
> But most businesses still need transactional security more -- you aren't
> keeping secrets so much as keeping people from writing checks to themselves
> & charging it to "suspense".  Major fraud looks really bad when it hits the
> Wall Street Journal.
>
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---