pdp (architect) wrote: > Thor, with no disrespect but you are wrong. Security in depth does not > work and I am not planning to support my argument in any way. This is > just my personal humble opinion. I've seen only failure of the > principles you mentioned. Security in depth works only in a perfect > world. The truth is that you cannot implement true security mainly > because you will hit on the accessibility side. It is all about > achieving the balance between security and accessibility. Moreover, > you cannot implement security in depth mainly because you cannot > predict the future. Therefore, you don't know what kinds of attack > will surface next. > > Security is not a destination, it is a process. Security in depth > sounds like a destination to me. Security in depth is neither a destination nor a process. It is a state of mind. Each part should take care of itself. And it should be as secure as possible in each step. Hugo. -- hvdkooij@xxxxxxxxxxxxxxx http://hugo.vanderkooij.org/ Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger.
