Re: NIST IPv6 document

[mikea <mikea () mikea ath cx>]

On Mon, Jan 10, 2011 at 02:52:56PM -0500, Lamar Owen wrote:
> On Friday, January 07, 2011 09:25:59 am David Sparro wrote:
> > I find that the security "Layers" advocates tend not to look at the 
> > differing value of each of those layers.
>
> Different layers very much have different values, and, yes, this is often glossed over.
>
> > Going back to the physical door analogy, it's like saying that a bank 
> > vault protected by a bank vault door is less secure than a vault with 
> > the bank vault door AND a screen door.
>
> More analogous would be the safe with glass relockers and a vial of
> tear gas behind the ideal drill point. Yes, those do exist, and,
> should you want to see a photo of such a vial, I can either provide
> one (have to take the photo with the safe door open next time I'm on
> that site, which may be a while with all this snow and ice on the
> ground) or you can find pics through google.
>
> Even physical locks have layered security principles. Think Medeco
> locks with chisel-pointed pins and the associated sidebar in the
> center, or ASSA's Twin double-stack pin technology, or the use of
> spool pins in locks, or Schlage's Primus system (also sidebar driven)
> or anti-drill armor in front of the pin stack (to prevent drilling the
> shear line), etc. The use of layers in the physical security realm
> is a proven concept, and the synergy of the layers has been shown
> effective over time. Not totally secure, of course, but as the number
> of layers increases the security becomes better and better.

My father used to tell me that "Locks keep the honest people out." He
was right; the clever non-honest are the ones we have to deal with at
that level. 

Computers are so great a force multiplier that we are having to do the
same sorts of things to defend against assaults from them. 

-- 
Mike Andrews, W5EGO
mikea () mikea ath cx
Tired old sysadmin