> -----Original Message-----
> From: Testbed Support for GridPP member institutes
> [mailto:[log in to unmask]]On Behalf Of Santanu Das
> Sent: 23 October 2008 10:52
> To: [log in to unmask]
> Subject: Re: Enabling the gridpp VO (and providing a 72hr queue)
>
>
> Hi Jeremy,
>
> My apology for my ignorance, but how exactly it's IMPROVING our
> security? First off, if something happens in the real life, that will
> happen in the first minute - doesn't matter how long the job
> is running
> for afterwards. Isn't much more sensible, from security point of view,
You're assuming that the sole purpose of the hacker is to gain control
of your node and that they'll stop there. Its very possible that further
connection attempts would be made from/to your comprimised hosts to/from
other hosts until your compromised host is discovered, this is useful
information to the security officers as it could identify the
perpertrator or other potentially compromised hosts.
> to stop Mingchao (or whoever) from running such a job in the first
> place rather telling when and how many jobs were submitted after 20
> days or so? My point is the game is already over by that time.
Yes it would be, but that's much harder to do - most of the recent
incidents have been due to stolen credentials, i.e. it looks like a
legitimate user.
Derek
|