Firewall Wizards mailing list archives

Re: A fun smackdown...


From: Carson Gaspar <carson () taltos org>
Date: Fri, 20 May 2005 17:45:52 -0400

OK, I've kept my mouth shut so far, but...

--On Friday, May 20, 2005 11:55 AM -0400 Chuck Swiger <chuck () codefab com> wrote:

> Sure, this defines security much the way that Paul does: the more stuff
> the system denies, the more "secure" it is.  A door lock which rejects
> all keys, even a good key, is more "secure" than a lock which rejects
> only invalid keys.
>
> I find this definition to be self-consistent, but lacking, and would
> argue that security consists of more than just being able to deny stuff
> really well.

It comes down to how one defines "security". I think it's time to bring back the "security stool" analogy (I wish I could give proper attribution, but those neurons have gone missing...). Security consists of multiple attributes, this analogy breaks them down into 4 "legs" of the "stool":

- Authentication (who are you)
- Authorization (what are you allowed to do)
- Availability (is the data accessible)
- Authenticity (is the data intact)

Attacking any of the "legs" seriously weakens or breaks the "stool". The nasty bit (and the source of the contention, it seems) is the "availability" part... and it all comes down to a risk decision. Which is worse, that an authorized person can't see the data, or that an unauthorized person can see it (and possibly damage it)? The answer is different for each case.

--
Carson

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

