Security Basics mailing list archives
RE: Security vs. Simplicity
From: "David Gillett" <gillettdavid () fhda edu>
Date: Tue, 19 May 2009 12:10:38 -0700
From: Stephen Mullins [mailto:steve.mullins.work () gmail com] I agree that the goals of network ops and network security seemingly contradict one another. Network Operations calls for simplicity, redundancy, and ease of troubleshooting. Network Security calls for defense in depth and secure design over all else.
CIA: Confidentiality, Integrity, Availability. Redundancy is usually an Availability strategy, and Simplicity aids with Integrity. The "contradiction" is much more a matter of "seeming" than of fact. A good solution is indeed as simple as possible BUT NO SIMPLER. And as insecure as necessary BUT NO LESS. Establishing where those limits are (they should be derived from the other identified requirements) and implementing to meet them is Engineering. David Gillett ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff! http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html ------------------------------------------------------------------------
Current thread:
- Security vs. Simplicity avi shvartz (May 19)
- Re: Security vs. Simplicity Robin Wood (May 19)
- RE: Security vs. Simplicity Craig S. Wright (May 22)
- Re: Security vs. Simplicity Stephen Mullins (May 19)
- RE: Security vs. Simplicity David Gillett (May 19)
- RE: Security vs. Simplicity avi shvartz (May 19)
- RE: Security vs. Simplicity David Gillett (May 20)
- RE: Security vs. Simplicity David Gillett (May 19)
- Re: Security vs. Simplicity Robin Wood (May 19)
- Re: Security vs. Simplicity Ansgar Wiechers (May 19)
- Re: Security vs. Simplicity Aarón Mizrachi (May 20)
- Re: Security vs. Simplicity Paul Halliday (May 20)
- Re: Security vs. Simplicity Meenal Mukadam (May 21)
- Re: Security vs. Simplicity Daniel Miessler (May 22)
- <Possible follow-ups>
- Re: Security vs. Simplicity aaa (May 19)
- RE: Security vs. Simplicity Craig S. Wright (May 22)
- RE: Security vs. Simplicity Stefan Marksteiner (May 20)