Full Disclosure mailing list archives
RE: perfect security architecture (network)
From: "Charles Heselton" <charles.heselton () gmail com>
Date: Mon, 8 Aug 2005 18:36:25 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Although Daniel's comments may be tongue-in-cheek, there is some truth. Here are a few ideas that have become more or less mantras for me, personally.... There IS NO *perfect* security. Defense in depth. The larger your network is, the less effective your perimeter becomes. The end user is always the weakest link. There may be a few more that people feel I have left out. Basically, if you're asking what I think you're asking, you have to be able to cater the level of security you're providing to the needs of your customer. Anti-virus/spyware software, firewalls, IDS/IPSs, "Security Minded" routing......all of these thing have a part in an ideally secure situation. The point is to identify the most critical assets and possible vectors of attack. Then you design a security architecture that 1) addresses those vectors, and 2) has multiple layers that should one preventative method fail, another will detect/prevent (defense in depth). There will always be someone out there who is able to figure out a hole, with enough knowledge, experience, persistence, and luck. If you have a customer that is asking for "perfect security", tell them it can't be done. If you're asking a philosophical question, well secure application development can make a security professional's life a little easier, but it's not going to solve the fundamental problem. But, just like the rest of the security tools (firewalls, etc.), more secure applications and programming techniques only play a part. HTH. - -- - - Charlie 5A27 58D2 C791 8769 D4A4 F316 7BF8 D1F6 4829 EDCF
-----Original Message----- From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Daniel H. Renner Sent: Monday, August 08, 2005 9:08 AM To: full-disclosure () lists grok org uk Subject: Re: [Full-disclosure] perfect security architecture (network) Good Lord C0br4, Did your new client give you a shopping list or what? Use the force C0br4! The force (of the right forum) will protect you! -- Dan Renner Los Angeles Computerhelp http://losangelescomputerhelp.com On Mon, 2005-08-08 at 12:00 +0100, full-disclosure-request () lists grok org uk wrote:Date: Mon, 8 Aug 2005 11:04:34 +0530 From: C0BR4 <cobradead () gmail com> Subject: [Full-disclosure] perfect security architecture (network) To: websecurity () webappsec org Message-ID: <457462ba0508072234bc6216c () mail gmail com> Content-Type: text/plain; charset=ISO-8859-1 Hey guys, Have couple of questions need answers plz........... There are three attacks that jeopardize Information security. ------------------------------ - secure Network - ------------------------------ - secure Host - ------------------------------ - secure Application - ------------------------------- How can we optimize security? Stopping attacks at networkor buildingsecure applications.. How should we deal with these attacks? People talk about Firewall, IDS/IPS etc.. What's best? If asked to give a perfect security architecture (network)what wouldyou suggest? Given a Firewall, Router, IDS, IPS and Anti-virus . thank you C0br4_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQvgImHv40fZIKe3PEQIKUACg3rcR67ioI8s3UK2Lm8U1Tr+ytvQAoIu6 47spbOk+qXkqN09ep0nR9Dms =7fIa -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- perfect security architecture (network) C0BR4 (Aug 08)
- RE: perfect security architecture (network) Aditya Deshmukh (Aug 08)
- <Possible follow-ups>
- Re: perfect security architecture (network) Daniel H. Renner (Aug 08)
- RE: perfect security architecture (network) Charles Heselton (Aug 08)
- RE: perfect security architecture (network) Chuck Fullerton (Aug 08)
- RE: perfect security architecture (network) Charles Heselton (Aug 08)
- RE: perfect security architecture (network) Charles Heselton (Aug 09)
- Re: perfect security architecture (network) Aycan iRiCAN (Aug 09)
- Re: perfect security architecture (network) C0BR4 (Aug 10)
- RE: perfect security architecture (network) Chuck Fullerton (Aug 10)