Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

There's an RSA encryption cabinet in our datacenter at work, it has red rope around it like a nightclub line and a sign that says no non RSA certified personnel.

Almost as effective as the ssh banner that says "Unauthorized use is prohibited."

Security through hoping people won't step over a rope is no security at all.



It's my understanding that such login banners are used to provide support for prosecution efforts, should someone break in and claim they did not know that access by random people was prohibited.

I would hope nobody thinks such warning messages are an adequate substitute for human-based and technology-based security measures, any more than wearing garlic cloves or putting up "no guns allowed" signs are replacements for being wary of vampires and armed criminals.


Yes, there was a case in which a system had "Welcome to XXX" as a banner, and their attempts to prosecute a cracker failed because of this.


That's going to need a citation.


Well compared to the ssh banner, it is in a secured data center. All the people in there (hopefully) have been assigned some baseline level of trust.

I really hope the story behind that rope is more like:

"What the fuck did you do? Every salesman on the East Coast is locked out of the VPN!"

"You told me to reboot ALL the servers!"

Than some crazy RSA security requirement.


I've only been in that datacenter once and I was signed in by someone with authority to help them with something. Like others have said here, it's more to help with "I didn't know I wasn't supposed to touch it" type cases. The RSA cabinet is the security, the rope is legalease.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: