Information Security News mailing list archives
Re: Extreme Security For Web Servers
From: Dave Dittrich <dittrich () CAC WASHINGTON EDU>
Date: Mon, 5 Feb 2001 00:35:09 -0800
> To enter the vaults inside the windowless bunker-like compound requires punching in key codes and slipping your fingers into a series of scanners similar to those used at the U.S. Navy's nuclear facilities.
> ...
> Consider the recent attacks that crippled Microsoft Corp.'s Web sites by flooding them with false requests for information. Or the hackers who may have gained access to credit card information at Egghead.com, an online computer-shopping site.
> ...
> Wrought-iron fences that can withstand 50,000 pounds of force -- like that produced by a fast-moving car -- enclose the company's steel-lined building, set back 200 feet from the street and patrolled by armed guards.
Oh give me a break. Since when can fingerprint scanners and wrought-iron fences stop an ICMP packet flood, or prevent someone exploiting a remote vulnerability and extracting a credit card database? How many web page defacements mirrored on attrition.org would have been stopped by a 200 foot setback and armed guards? (Hint - ZERO!)

Physical security is important, but if you're going to spend a ton of cash, I think you're better off spending it on security-savvy programmers and system administrators.

Too bad reality doesn't make for good lead paragraphs.

--
Dave Dittrich
Computing & Communications, Client Services
University of Washington
dittrich () cac washington edu
http://staff.washington.edu/dittrich
PGP key http://staff.washington.edu/dittrich/pgpkey.txt
Fingerprint FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".