path: root/content/posts/2023-08-11-4-eyes.smd
author Martin Ashby <martin@ashbysoft.com> 2024-12-21 22:18:18 +0000
committer Martin Ashby <martin@ashbysoft.com> 2024-12-21 22:18:18 +0000
commit 82e7ac75954c973a5c59a02684788c0fb26e14dd (patch)
tree a1b09939f30bc4c232e69f980c2a47e48625ee1d /content/posts/2023-08-11-4-eyes.smd
parent ff323f79e03174e4cdf2a709c095ff83e7ea3669 (diff)
Bump zine 0.3.0 -> 0.8.0
Fix a lot of associated breakage
Fix broken rss.xml file as highlighted to me by Matthijs van der Wild (thanks!)
Diffstat (limited to 'content/posts/2023-08-11-4-eyes.smd')
-rw-r--r-- content/posts/2023-08-11-4-eyes.smd 17
1 files changed, 17 insertions, 0 deletions
diff --git a/content/posts/2023-08-11-4-eyes.smd b/content/posts/2023-08-11-4-eyes.smd
new file mode 100644
index 0000000..9ba3f60
--- /dev/null
+++ b/content/posts/2023-08-11-4-eyes.smd
@@ -0,0 +1,17 @@
+---
+.title = "Four Eyes",
+.author = "Martin Ashby",
+.date = @date("2023-08-11T22:50:43+01:00"),
+.layout = "single.shtml",
+.custom = {"comments": true},
+---
+
+The four-eyes principle (also known as [two-man rule](https://en.wikipedia.org/wiki/Two-man_rule) or no-lone-zone) stipulates that for certain very critical operations like the launch of a nuclear weapon or the handling of very sensitive cryptographic key material, at least two qualified persons must be actively involved.
+
+I think the same principle should hold true in some IT operations work; for example some servers are running software that is both very important to keep running, and is also handling very sensitive data. Examples might be banking or healthcare services. A mistake or malice while operating this software can be very harmful. For example: causing significant [downtime for a healthcare system](https://www.bbc.co.uk/news/uk-england-london-62308447) can result in degraded level of care for patients in hospitals. Another example: [leaking details of police staff](https://www.bbc.co.uk/news/uk-northern-ireland-66467164) can result in serious harm to those staff.
+
+I work for a fully-remote software company which handles healthcare data and provides live services using that data. One additional challenge of fully-remote working is securing access to servers. Remote access to servers is a hard requirement: in order to do my job I must access servers that run our software. However, this means that the security of those servers is only as good as my own [physical security](https://xkcd.com/538/).
+
+There is a hole in the market for a remote 'four-eyes' system. My boss suggested something as 'simple' as an SSH server which requires _two_ separate authorized users to access, and where every shell command must be confirmed by both users before executing. This means at least _two_ system administrators must be compromised (or complicit) in order for a breach to occur. In theory this is significantly less likely than a single administrator being compromised.
+
+There are [packages](https://pkg.go.dev/golang.org/x/crypto/ssh) for Go and other programming languages which implement the SSH protocol, and I think it's possible to implement such a server. It's something I plan to explore.
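Review bot: the commit message does not explain why a post dated 2023-08-11 in its own frontmatter arrives here as a brand-new file (`new file mode 100644`, `--- /dev/null`, 17 insertions). The message only mentions the zine bump and the rss.xml fix, so if the post was moved from an earlier filename as part of the upgrade, say so in the message so the file's history can be followed from the log. In the body, "can result in degraded level of care" in the second paragraph is missing an article ("a degraded level of care"). The fourth paragraph states that two-person confirmation is "significantly less likely" to be breached without saying what it assumes. A short clause noting that this holds only when the two administrators' credentials and devices are independent would make the claim precise.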