Vulnerability Development mailing list archives
Re: Thinking about Security rules...
From: "Ray Parks" <rcparks () sandia gov>
Date: Thu, 09 May 2002 13:47:35 -0600
"f.harster" wrote:
Rhino Bond wrote:
...
Any thoughts on this? Anyone seen a white paper on such a set of rules?
David, actually this reminds me of the "Defense-in-Depth" concept applied to network/system security, but I may be wrong ;) Have a look at this one in the meantime: http://rr.sans.org/start/primer.php
Just remember this aphorism - Depth without Breadth is useless. We engaged in a series of experiments within the DARPA IA program in which we proved that Defense in Depth is an over-rated concept. Layered defenses can actually be weaker than single defenses because administrators/developers think that another layer is providing the defense they are ignoring. The results of these experiments were recorded in a paper; unfortunately, I don't have a cite at this time.
Bottom line - we were able to get through layers of defense in depth because we could attack each layer in a different way. This allowed attacks to woogle through to the goal despite multiple layers of defense.
--
Ray Parks rcparks () sandia gov
V:505-844-4024 F:505-844-9641 P:800-690-5288