Re: RE: Future Linux devel. Kernels

From: Michael H. Warfield (mhw@wittsend.com)
Date: Mon May 08 2000 - 17:38:59 EST


On Mon, May 08, 2000 at 05:13:52PM -0500, Ed Carp wrote:
> allbery@kf8nh.apk.net (allbery@kf8nh.apk.net) writes:

> > Security truism: if someone *really* wants in, s/he will get in. And
> > there isn't anything you can do about it.

> All you can do is slow them down hopefully long enough to figure out who they are, and try to limit the damage.

        And detect them...

        Security in depth. Rings of security with alarms and traps
in between. If they are going to break in, make THEM be perfect in
finding each and every hole and avoiding each and every trap. Any
single failure on their part should result in detection. The arguments
that you should have perfect applications or perfect operating systems
or perfect perimeter defenses are all bullshit. They all leave you
vulnerable to single points of failure. The only way to turn the tables
on attackers is to make them vulnerable to single points of failure
and keep yourself protected by overlapping layers of defense.

> > We are Linux. Resistance is an indication that you missed the point.

> "We are Pentium of Borg. Division is futile. You will be approximated."
> --
> Ed Carp, N7EKG erc@pobox.com 940/367-2744 cell phone
> http://www.pobox.com/~erc

        Mike

-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 331-2437   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Mon May 15 2000 - 21:00:12 EST