Bugtraq mailing list archives

Re: No Security is Bad Security:


From: mindrape () HOME COM (Donald Moore)
Date: Thu, 4 Feb 1999 02:08:42 -0700


Lessons Learned:
---------------

When you think 'security,' think 'defense in depth.' The French
demonstrated very neatly that putting all their resources into the
Maginot Line was not very bright, and we should make every effort *not* to
recreate the Maginot Line.

Security shouldn't just be cast as only a defensive mechanism.  Security
in that form becomes a bothersome tyrant of the OS, hindering the users of
that machine.  This kind of view will only encourage paranoid, knee-jerk
solutions.  Instead, security is more appropriately viewed as a methodology
of determining the integrity of a resource.  Beyond the defensive, and
creating simple reusable solutions applicable to any number of situations.
What if there's no need to get defensive?

Security is *not* cost-intensive, if you build it in the first time, or
add it in as you upgrade your environment, especially as you value it
against the total loss of your environment.

How can you determine everyone's cost and value?  Some don't care or feel
they have any need for security, thus incurring unwanted cost. This stems
from viewing security as a defensive perspective.

Find a way to control outside access. Either throttle it through a
firewall, run it through router filters, or use tcpd. (in descending order
of preference)

A fine example of a necessary form of tyrant application and the costs
incurred.



-   -  - ------------------------------------------------- - -- ---
                                          ______ ______ .
                                       .:_\___  \\_ .  \_::.
   Donald Moore (MindRape)          . .::./ ./  // ./__/.:::. .
                                        _<_____/<____  >_:.
   Email: mindrape () home com            .             \/  .
           damaged () futureone com       Damaged Cybernetics
-   -  - ------------------------------------------------- - -- ---


