>>Security is *not* cost-intensive, if you build it in the first time, or >>add it in as you upgrade your environment, especially as you value it >>against the total loss of your environment. > >How can you determine everyone's cost and value? Some don't care or feel >they have any need for security, thus incuring unwanted cost. This stems >from of viewing security as a defensive perspective. > I agree with your statement that some don't feel the need for security, thus wanting to avoid the cost. I disagree with your conclusion that it is OK for them to feel that way. When people forgo proper security on their equipment it makes them easy prey to become launch platforms for other abuses that are aimed at folks outside their realm. I liken the situation to that of mandatory seat-belt laws. According to your argument, people who don't value their lives shouldn't be made to wear seat-belts. But what happens when they crash and must be hospitalized? Collectively as a society our insurance rates go up, and if they have no insurance then the public must bear the additional cost of his medical bills. In other words by not wearing a seat-belt he places a burden on those around him. The same is true for those that are connected to some network larger than their own. Insecure boxes place a tremendous burden on the rest of us. If you are still unconvinced, just look at the headers of the last SPAM/UCE you got. Scott Stubbs bernadette.net
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:32:39 PDT