Vulnerability Development mailing list archives

Re: Thinking about Security rules...


From: "f.harster" <f.harster () evc net>
Date: Fri, 10 May 2002 08:46:45 +0000

Interesting point.
What would be your suggestion(s) to strengthen security in a production environment according to your experience? At the moment I mostly rely on redundant single defenses to slow down potential intrusion so that it gives me some precious extra time to react and isolate the LAN. However I can feel how weak and unsatisfying such a system is when uptime matters, since this "strategy" implies a rather long recovery time...

cheers
Fred

Ray Parks wrote:

Just remember this aphorism - Depth without Breadth is useless.
We engaged in a series of experiments within the DARPA IA program in
which we proved that Defense in Depth is an over-rated concept.  Layered
defenses can actually be weaker than single defenses because
administrators/developers think that another layer is providing the defense
they are ignoring.  The results of these experiments were recorded in a
paper, unfortunately I don't have a cite at this time.
Bottom line - we were able to get through layers of defense in depth
because we could attack each layer in a different way.  This allowed
attacks to woogle through to the goal despite multiple layers of defense.
