A fun smackdown...

[firewall-wizards-gate () abraham cs berkeley edu (David Wagner)]

Behm, Jeffrey L. wrote:
> This made me think of a denial of service attack which 
> renders the system (door) unavailable. Does a DoS make
> the system more secure? It seems like some _might_ say
> _Yes_, since the system would effectively be blocked.
> I would say no, it's not more secure, at least, not if
> the definition of security includes _availability_.

This is a very confused answer.  Let me help you think about this
more clearly.  It's all about security goals.  Integrity?  Is that
a goal?  What about availability?  Now, which is a higher priority?
There is no "One Right Answer"; priorities will depend on your goals,
on your application, and on the specifics of the setting.  That's a
policy question.

Let's assume you have know what your goals are, and you have been
able to prioritize them.

If integrity is a higher priority than availability, then you want
systems that will fail closed: in case of doubt, better to shut the
system down (at cost to availability) then allow an intrusion to
happen (at cost to integrity).

If availability is a higher priority than integrity, then you want
systems that will keep running, no matter what: in case of doubt, it
may well be better to allow an intrusion to happen and try to tolerate
it, possibly sacrificing some degree of integrity for availability.

Of course, we often cannot disentange the two concepts.  Often the
availability of our system rests on the integrity of certain system state.
But this gives you a way to think about whether to fail open vs to fail
closed.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards