Bugtraq mailing list archives
Re: No Security is Bad Security:
From: mindrape () HOME COM (Donald Moore)
Date: Thu, 4 Feb 1999 02:08:42 -0700
Lessons Learned: --------------- When you think 'security,' think 'defense in depth.' The French demonstrated very neatly that putting all their resources into the Maginot Line was not very bright, and we should make every effort *not* to recreate the Maginot Line.
Security shouldn't just be casted as only a defensive mechanism. Security in that form becomes a bothersome tyrant of the OS, hindering the users of that machine. This kind of view will only encourage paranoid, knee-jerk solutions. Instead, security is more appropiately viewed as a methadology of determinging the integrity of a resource. Beyond the defensive, and creating simple reusable solutions applicable to any number of situations. What if there's no need to get defensive?
Security is *not* cost-intensive, if you build it in the first time, or add it in as you upgrade your environment, especially as you value it against the total loss of your environment.
How can you determine everyone's cost and value? Some don't care or feel they have any need for security, thus incuring unwanted cost. This stems from of viewing security as a defensive perspective.
Find a way to control outside access. Either throttle it through a firewall, run it through router filters, or use tcpd. (in decending order of preference)
A fine example of a nessacary form of tyrant application and the costs incurred. - - - ------------------------------------------------- - -- --- ______ ______ . .:_\___ \\_ . \_::. Donald Moore (MindRape) . .::./ ./ // ./__/.:::. . _<_____/<____ >_:. Email: mindrape () home com . \/ . damaged () futureone com Damaged Cybernetics - - - ------------------------------------------------- - -- ---
Current thread:
- Re: More oshare testing., (continued)
- Re: More oshare testing. Jeff Roberson (Feb 03)
- Re: No Security is Bad Security: com-nospam () CCRAIG ORG (Feb 04)
- Re: More oshare testing. Alan Cox (Feb 04)
- Re: More oshare testing. Cristiano Lincoln Mattos (Feb 05)
- Re: More oshare testing. Dariusz Zmokly (Feb 04)
- Re: More oshare testing. Jeff Roberson (Feb 03)
- Re: No Security is Bad Security: Kevin Day (Feb 02)
- Re: No Security is Bad Security: Jan B. Koum (Feb 03)
- Re: No Security is Bad Security: Russell Fulton (Feb 04)
- Re: No Security is Bad Security: Jan B. Koum (Feb 03)
- Re: No Security is Bad Security: ecx (Feb 04)
- Update on w00w00 article (bug report) Shok (Feb 04)
- Re: No Security is Bad Security: Donald Moore (Feb 04)
- Re: No Security is Bad Security: der Mouse (Feb 04)
- Re: No Security is Bad Security: Taral (Feb 04)
- Re: No Security is Bad Security: Scott (Feb 04)