Thierry,

On Tue, 9 Oct 2007 21:14:30 +0200
Thierry Zoller <Thierry@xxxxxxxxx> wrote:

> The Death of Defence in Depth ? - A rather bold question that
> is; is this another overhyped bloated Presentation ? Or maybe do
> we really have to rethink the way we implement Defence in Depth
> on our networks ? This talk will hopefully give you the answers,
> if not at least the correct questions to ask yourselves.
>
> Over the last year [2], n.runs AG investigated Software that is
> commonly being used in a Defence in Depth approach and was
> quite alarmed. The number of Bugs and Design problems we found
> were so tremendous that we had problems dealing with the sheer
> amount of Vendor coordination and notification emails.

The title is misleading at best. Defense in Depth has nothing to do with security software. To the contrary. The paradigm describes an approach where you assume that individual (even multiple) elements of your defense fall, in the worst possible way (which could be code execution).

What you are describing is people adding security software _instead_ of applying a thorough defense in depth design.

Your presentation title suggests that one of the very few paradigms that actually promises long term security benefits does not work. Wrong. I suggest you find a better title.

cheers
FX

--
Recurity Labs GmbH           | Felix 'FX' Lindner
http://www.recurity-labs.com | fx@xxxxxxxxxxxxxxxxx
Wrangelstrasse 4             | Fon: +49 30 69539993-0
10997 Berlin                 | PGP: A740 DE51 9891 19DF 0D05
Germany                      |      13B3 1759 C388 C92D 6BBB
HRB 105213 B, Amtsgericht Charlottenburg, GF Felix Lindner