nanog mailing list archives
Re: misunderstanding scale
From: Owen DeLong <owen () delong com>
Date: Mon, 24 Mar 2014 20:00:58 -0700
On Mar 24, 2014, at 9:20 AM, William Herrin <bill () herrin us> wrote:
> On Mon, Mar 24, 2014 at 3:00 AM, Karl Auer <kauer () biplane com au> wrote:
>> Addressable is not the same as accessible; routable is not the same as routed.
>
> Indeed. However, all successful security is about _defense in depth_. If it is inaccessible, unrouted, unroutable and unaddressable then you have four layers of security. If it is merely inaccessible and unrouted you have two.

That is, frankly, so gross an oversimplification as to be not only misleading, but outright inaccurate in many cases.

When considering defense in depth, layer thickness counts as much or more than number of layers. Unroutable and unaddressable (which NAT and RFC-1918 arguably don’t actually provide in reality) are roughly equivalent to a slide-lock on a screen door in front of a stateful inspection bank vault door in front of an unrouted iron-bar day-door inside the vault. I would argue that the value added by the screen door and its associated slide lock is near zero in the total equation.

Further, since the reality is that NAT and RFC-1918 can be exploited by the attackers to help hide their identity and obscure their activities, they are actually not added depth, but in fact erode the actual security.

Further, since it is such a widely held misperception that they provide security, there’s probably a certain amount of negative impact due to the complacency and lack of vigilance that creates as well.

Owen