Firewall Wizards mailing list archives
A fun smackdown...
From: firewall-wizards-gate () abraham cs berkeley edu (David Wagner)
Date: Sat, 21 May 2005 15:10:31 -0700 (PDT)
Behm, Jeffrey L. wrote:
This made me think of a denial of service attack which renders the system (door) unavailable. Does a DoS make the system more secure? It seems like some _might_ say _Yes_, since the system would effectively be blocked. I would say no, it's not more secure, at least, not if the definition of security includes _availability_.
This is a very confused answer. Let me help you think about this more clearly. It's all about security goals. Integrity? Is that a goal? What about availability? Now, which is a higher priority? There is no "One Right Answer"; priorities will depend on your goals, on your application, and on the specifics of the setting. That's a policy question. Let's assume you have know what your goals are, and you have been able to prioritize them. If integrity is a higher priority than availability, then you want systems that will fail closed: in case of doubt, better to shut the system down (at cost to availability) then allow an intrusion to happen (at cost to integrity). If availability is a higher priority than integrity, then you want systems that will keep running, no matter what: in case of doubt, it may well be better to allow an intrusion to happen and try to tolerate it, possibly sacrificing some degree of integrity for availability. Of course, we often cannot disentange the two concepts. Often the availability of our system rests on the integrity of certain system state. But this gives you a way to think about whether to fail open vs to fail closed. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: A fun smackdown..., (continued)
- Re: A fun smackdown... Carson Gaspar (May 20)
- Re: A fun smackdown... Marcus J. Ranum (May 20)
- RE: A fun smackdown... lordchariot (May 21)
- Re: A fun smackdown... Devdas Bhagat (May 19)
- Re: A fun smackdown... Martin (May 20)
- RE: A fun smackdown... FirewallAdmin (May 17)
- RE: A fun smackdown... Behm, Jeffrey L. (May 19)
- RE: A fun smackdown... Paul D. Robertson (May 19)
- RE: A fun smackdown... Behm, Jeffrey L. (May 20)
- RE: A fun smackdown... Jeremiah Cornelius (May 21)
- A fun smackdown... David Wagner (May 21)
- RE: A fun smackdown... Marcus J. Ranum (May 24)
- Re: A fun smackdown... Jean-Denis Gorin (May 25)