Re: PAB Re: site security

From: Marc Hurst (mhurst@fastlane.ca)
Date: Fri Feb 20 1998 - 07:25:04 PST


Wow,

I think I actually agree with Perry on something. Is it going to be gratis?

On Fri, 20 Feb 1998, Perry E. Metzger wrote:

>
> I would suggest that perhaps the CORE equipment should be located at
> the PAIX, which has excellent internet connectivity and top
> security. If this is desired, I could contact Paul Vixie on behalf of
> CORE.
>
> Perry
>
> "Robert F. Connelly" writes:
> > Dear Kent:
> >
> > I add one small item to your recommendations.
> >
> > Son Duane immediately proposed something like Lojack. I understand you can b
> uy
> > a crown with a transmitter in it from the "Spy shop" in the New York airport.
>
> > (Also a list of dentists willing to install it!)
> >
> > Wouldn't it be nice to be able to see just where the units are going?
> >
> > Regards,
> > BobC
> >
> >
> > At 05:54 PM 2/18/98 -0800, Kent Crispin wrote:
> > >On Wed, Feb 18, 1998 at 12:15:21PM -0800, Dave Crocker wrote:
> > >> Folks,
> > >>
> > >> In light of the breakin and theft, I thought a little harder about site
> > >> security.  I had thought that Best was dandy.  No question they are popular
> > >> and I know their operation in Mountain View quite well.  I assume S.F. is
> > >> the same.  Card keys, locked cages, hallway window into the room for
> > >> staffers to view. 
> > >>
> > >> On the other hand, visual control is not constant or even heavy.
> > >>
> > >> So I just called Exodus and heard a notably different description of
> > >> security features.  They have all the stuff Best can claim.  In addition
> > >> (though I don't know if there are differences in the quality of the
> > cages...):
> > >>
> > >> 1.  24 hour guard.  You get the card key each time from the guard, rather
> > >> than carrying it will you, and must sign in, showing photo id.
> > >>
> > >> 2.  Equipment coming in or going out is logged.
> > >>
> > >> 3.  Cameras on the access.  (Pretty sure Best doesn't have this.)
> > >>
> > >> All 3 of these points make for much stronger security than Best has.
> > >>
> > >> Might be worth considering.  I haven't checked other providers.
> > >
> > >Under the circumstances, I see several choices, in order of preference.
> > >
> > >        1) Get Best to improve their security -- they may want to do
> > >        that after this incident, because really, it could have
> > >        happened to any of their customers.  Given the value of the
> > >        equipment there, 24 hour attendance is not a luxury, it is a
> > >        necessity (I was under the impression that Best supplied this,
> > >        but obviously there are gaps.)
> > >
> > >        I would think that Best might want to seriously rethink their
> > >        security posture -- this could have been a bomb, instead of
> > >        a theft.  If they won't seriously improve, then I don't think
> > >        there is any choice but to...
> > >
> > >        2) ...move to someplace like Exodus.  Our security auditors,
> > >        if they are worth anything at all, should make this point
> > >        strongly, and I don't think, if we are serious, that we will
> > >        have any choice but to follow their recommendations.   We
> > >        have an excuse -- our final production configuration is
> > >        contingent on our security audit, we could say.
> > >
> > >        3) implement our own security measures (install alarms,
> > >        cameras, etc, hire a security guard).  This is a distant,
> > >        distant, third.  To be effective it would still have to
> > >        involve Best.  We could do this, but it would be a denial of
> > >        reality, IMO.
> > >
> > >--
> > >Kent Crispin, PAB Chair "No reason to get excited",
> > >kent@songbird.com the thief he kindly spoke...
> > >PGP fingerprint:   B1 8B 72 ED 55 21 5E 44  61 F4 58 0F 72 10 65 55
> > ><http://songbird.com/kent/pgp_key.html>http://songbird.com/kent/pgp_key.html
> > >
>



This archive was generated by hypermail 2b29 : Sun Jan 30 2000 - 03:22:28 PST