Re: [Security] Re: [SNS #XXXXXXXXX] Request for Mail Server Information

From: Mike Hunter <mhunter_at_ack.berkeley.edu>
Date: Fri Aug 27 2004 - 10:55:46 PDT

Hi Ross,

I can appreciate what you're saying in your email. It comes down to a
"fundamental disconnect" between responsibility for the consequences of
security breaches and authority+resources for implementing prudent
security precautions, and there are a lot of people at UCB caught in the
middle.

I think if you leave the bad political situation aside, SNS's approach is
a good one from a technical standpoint. It's not feasible for SNS to be
able to react quickly when the next MS email virus shuts down campus if they
have to hand-inspect every IP's port 25 traffic to see if it's a true spammer
or if it's an innocent proxy. If SNS had 20 FTE's maybe they could do it,
but as it stands they have to rely on more automated techniques. Having
said that, you do raise an interesting question as to whether more can be
done to automatically detect whether a given host is a gateway or an infected
machine.

I think one way to spin what SNS is trying to do to the masses of
independent system administrators is to just make them aware of SNS's recent
drive for mail-server registration and what the consequences of not being
on said list would be if they start emitting loads of spam. If SNS is
willing to accept white-list requests based on the assurance of "third
party" independent system administrators, then you and other departmental
security contacts can wash your hands of all the guilt :) I would guess
that SNS would be willing to accept such an assurance, but I don't know
whether they'd want it to come *through* the departmental security contact
or not. Given that they would accept such an assurance, we're no worse
than we were before the whitelist in terms of dysfunctionally-distributed
security responsibility, and SNS is less likely to block an important mail
server, so it seems like a break-even plus a plus is a plus.

So it all comes down to whether there's an implied statement of approval
on your part when a mail server in your department is whitelisted. I
think SNS is just trying to help the campus avoid problems, not trying to
address the larger political issue.

Mike

Received on Fri Aug 27 11:01:29 2004
