IETF Logo Mail Archive

Re: Draft Security Policy

"Robert E. Van Cleef" <vancleef@prandtl.nas.nasa.gov> Thu, 18 October 1990 17:40 UTC

Received: from cert.sei.cmu.edu by NRI.NRI.Reston.VA.US id aa07576; 18 Oct 90 13:40 EDT
Received: from NRI.RESTON.VA.US by cert.sei.cmu.edu (5.61/2.2) id AA02207; Thu, 18 Oct 90 12:47:31 -0400
Received: from prandtl.nas.nasa.gov by NRI.NRI.Reston.VA.US id aa05589; 18 Oct 90 11:24 EDT
Received: Thu, 18 Oct 90 08:25:19 -0700 by prandtl.nas.nasa.gov (5.61/1.2)
Date: Thu, 18 Oct 1990 08:25:19 -0700
From: "Robert E. Van Cleef" <vancleef@prandtl.nas.nasa.gov>
Message-Id: <9010181525.AA04531@prandtl.nas.nasa.gov>
To: postel@venera.isi.edu, sblair@synoptics.com, ssphwg@NRI.Reston.VA.US
Subject: Re: Draft Security Policy
Cc: psrg-interest@venera.isi.edu, spwg@NRI.Reston.VA.USd
Status: OR

Steve;

Protection against denial of service, both intentional and accidental,
is my major justification for implementing computer security in a
research environment. For example, most of the damage caused by the
Morris Worm could be classified damage caused by a "denial of service"
attack.

The other reason I use is insurance of data integrity. Intentional
or accidental corruption of data must be avoided.

The use of the term "accidental" is important. In my experience, there
are more instances of denial of service or corruption of data problems
caused by the actions of authorized users or system administrators than
by outside intruders. 

In a "research" environment, privacy is not the primary concern of system
security. The primary concerns are system availability and data integrity,
privacy is a secondary concern.

Bob

::Message-Id: <9010181256.AA29330@excalibur.synoptics.com>
::Date: Thu, 18 Oct 90 05:56:19 PDT
::From: Steven Blair <sblair@synoptics.com>
::Subject: Re:  Draft Security Policy
::
::>> protection of systems against denial of service
::
::HUH??

v2.23.0 | Report a Bug | By Email