Re: RFE: FireKit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 07/24/2009 03:21 PM, Matthew Woehlke wrote:
> Why is it people seem to have a problem with obscurity *on top of*
> security? What's wrong with making it as hard as possible for the "bad
> guys"?

It's well known that "security through obscurity" is an insufficient
defense.  Only fools would rely on obscurity for strong security.  Some
have taken that to mean that only fools employ obscurity as part of
their security.

In nearly all cases that anybody here will be asked to deal with,
attackers have more than one potential target and will take the
lowest-cost path to achieve their ends.  Obscurity increases costs.

Getting a strong safe with a good lock is important if you're going to
keep your gold in your house.  Burying that safe in the back yard or
behind a wall increases the amount of time it will take a good
safe-cracker to get your gold, by varying amounts.  He's only got so
much time since your alarm system already called the cops, so if you
make him spend that time finding the safe, he has less time to crack it.

But the costs aren't only for the safe cracker.  If you've buried that
safe in the back yard, it's going to be a bitch to get the gold out when
you need it.  Same with DROP'ing packets - it makes network management
and troubleshooting harder.  So, more people will opt for a hidden
wall-mounted safe and not put a sign on their front door that reads,
"the safe is under bar in the study".  Even if it's got an awesome lock.

I use layered firewalls, encrypt my disks, keep my software up-to-date,
REJECT connections, respond to pings, and I'm not telling you where my
gold is hidden. ;)  Those are the right trade-offs for my situation, YMMV.

-Bill

-- 
Bill McGonigle, Owner           Work: 603.448.4440
BFC Computing, LLC              Home: 603.448.1668
http://www.bfccomputing.com/    Cell: 603.252.2606
Twitter, etc.: bill_mcgonigle   Page: 603.442.1833
Email, IM, VOIP: bill@xxxxxxxxxxxxxxxx
Blog: http://blog.bfccomputing.com/
VCard: http://bfccomputing.com/vcard/bill.vcf

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux