>Lessons Learned:
>---------------
>
>When you think 'security,' think 'defense in depth.' The French
>demonstrated very neatly that putting all their resources into the
>Maginot Line was not very bright, and we should make every effort *not* to
>recreate the Maginot Line.

Security shouldn't just be cast as only a defensive mechanism. Security in that form becomes a bothersome tyrant of the OS, hindering the users of that machine. This kind of view will only encourage paranoid, knee-jerk solutions. Instead, security is more appropriately viewed as a methodology of determining the integrity of a resource. Beyond the defensive, and creating simple reusable solutions applicable to any number of situations. What if there's no need to get defensive?

>Security is *not* cost-intensive, if you build it in the first time, or
>add it in as you upgrade your environment, especially as you value it
>against the total loss of your environment.

How can you determine everyone's cost and value? Some don't care or feel they have any need for security, thus incurring unwanted cost. This stems from viewing security as a defensive perspective.

>Find a way to control outside access. Either throttle it through a
>firewall, run it through router filters, or use tcpd. (in descending order
>of preference)

A fine example of a necessary form of tyrant application and the costs incurred.

-------------------------------------------------
Donald Moore (MindRape)
Email: mindrapeat_private
       damagedat_private
Damaged Cybernetics
-------------------------------------------------