On Tue, 2014-04-22 at 13:22 -0400, Russell Doty wrote: > On Tue, 2014-04-22 at 19:01 +0200, Miloslav Trmač wrote: > > 2014-04-22 13:40 GMT+02:00 Stephen Gallagher <sgallagh@xxxxxxxxxx>: > > 3) Recovery and auditing are more important than prevention. > > > > This is only true for large managed enterprises, where recovery is > > possible in the first place (how many people don't have good > > backups?), and prevention is bordering on impossible (with the high > > number of systems and administrators). For individual users auditing > > is completely pointless, recovery is either impossible or a huge > > hassle, and prevention the only option. > Well, the presentation was focused on enterprise systems... > > But there were some underlying themes: > > * Users will work around anything, including security features, that > interfere with them doing their job. > > * It is impossible to completely secure a system. A prevention only > approach doesn't work well. > > * An effective security model is built around Deter, Detect, Delay, > Respond, Remediate. > > * Security is one of multiple threats to system integrity. All very true, but you do not remove the Deterrent, just because you have the other 4 layers (which we do *not* have very much in Fedora when it is used as a simple workstation). This is why people say we need to improve the Firewall experience not raise white flag and disable it. Simo. -- Simo Sorce * Red Hat, Inc * New York -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
