Firewall Wizards mailing list archives
Re: A fun smackdown...
From: Carson Gaspar <carson () taltos org>
Date: Fri, 20 May 2005 17:45:52 -0400
OK, I've kept my mouth shut so far, but...

--On Friday, May 20, 2005 11:55 AM -0400 Chuck Swiger <chuck () codefab com> wrote:

> Sure, this defines security much the way that Paul does: the more stuff the system denies, the more "secure" it is. A door lock which rejects all keys, even a good key, is more "secure" than a lock which rejects only invalid keys. I find this definition to be self-consistent, but lacking, and would argue that security consists of more than just being able to deny stuff really well.
It comes down to how one defines "security". I think it's time to bring back the "security stool" analogy (I wish I could give proper attribution, but those neurons have gone missing...). Security consists of multiple attributes; this analogy breaks them down into 4 "legs" of the "stool":

- Authentication (who are you)
- Authorization (what are you allowed to do)
- Availability (is the data accessible)
- Authenticity (is the data intact)

Attacking any of the "legs" seriously weakens or breaks the "stool". The nasty bit (and the source of the contention, it seems) is the "availability" part... and it all comes down to a risk decision. Which is worse, that an authorized person can't see the data, or that an unauthorized person can see it (and possibly damage it)? The answer is different for each case.

--
Carson
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards