RE: Update to BCP-38?

[Mark Collins <mark.collins () mariestopes org>]

Not everyone attacking your systems is going to have the skills or knowledge to get in though - simple tricks (like 
hiding what web server you use) can prevent casual attacks from script kiddies and others who aren't committed to 
targeting you, freeing your security teams to focus on the serious threats.

Mark

-----Original Message-----
From: NANOG <nanog-bounces () nanog org> On Behalf Of Rich Kulawiec
Sent: 08 October 2019 14:51
To: nanog () nanog org
Subject: Re: Update to BCP-38?

On Tue, Oct 08, 2019 at 01:35:16PM +0100, Mike Meredith via NANOG wrote:
> You've ignored step 1 - identifying critical information that needs
> protecting. It makes sense to protect information that needs
> protecting and don't lose sleep over information that doesn't need
> protecting. Not many of us are planning an invasion of a Nazi-infected Europe any time soon.

We are heading toward a restatement of Kerckhoff's principle/Shannon's maxim, the latter of which can be paraphrased as 
"design systems assuming that your adversary will know as much about them as you do".

Not that I'm advocating publishing all internal design documents, but systems whose security is predicated on the 
secrecy of those are brittle and likely to be badly compromised.  Better to assume that enemies know or can find out 
everything and design/build accordingly.

---rsk
This Email from Marie Stopes International and any attachments may contain information which is privileged or 
confidential. It is meant only for the individual(s) or entity named above. If you are not the intended recipient(s) of 
this Email or any part of it please notify the sender immediately on receipt and delete it from your system. Any 
opinion or other information in this email or its attachments that does not relate to the business of Marie Stopes 
International is personal to the sender and is not given or endorsed by Marie Stopes International.