No disagreement from me, Kris. I agree completely that security is about mitigating risk - I've made that very argument here on the CRIME list before. However, the process of mitigating risk is a complex and difficult process. And all too often, people spend a lot of money and time on complex technologies and solutions completely missing obvious holes. One of the larger holes in most networks is the lack of protection measures at the end-points. VPN, encryption, and strong authentication measures are all good things to have, but without adequate end-point protection, they can be quickly rendered useless. __________________________________ Andrew Plato, CISSP President / Principal Consultant Anitian Corporation 503-644-5656 Office 503-644-8574 Fax 503-201-0821 Mobile www.anitian.com ___________________________________ -----Original Message----- From: Quinby, Kris (MED) [mailto:kris.quinby@private] Sent: Wednesday, October 23, 2002 1:16 PM To: crime@private Subject: RE: CRIME Driveby DOS Andrew, Let's keep in mind that security is about mitigating risk not eliminating it. You will never eliminate risk. The job of security it to make it hard enough to accomplish something that someone will either give up or, more likely, go on to the next "opportunity". Kris ___________________________________________ Kris Quinby, CISSP Systems Engineer - Data Center Operations GE Medical Systems Information Technologies Email: kris.quinby@private Phone: 503-531-7190 Fax: 503-531-7001
This archive was generated by hypermail 2b30 : Wed Oct 23 2002 - 18:26:56 PDT