On Tue, 2014-04-22 at 14:23 -0400, Simo Sorce wrote: > On Tue, 2014-04-22 at 13:22 -0400, Russell Doty wrote: > > On Tue, 2014-04-22 at 19:01 +0200, Miloslav Trmač wrote: > > > 2014-04-22 13:40 GMT+02:00 Stephen Gallagher <sgallagh@xxxxxxxxxx>: > > > 3) Recovery and auditing are more important than prevention. > > > > > > This is only true for large managed enterprises, where recovery is > > > possible in the first place (how many people don't have good > > > backups?), and prevention is bordering on impossible (with the high > > > number of systems and administrators). For individual users auditing > > > is completely pointless, recovery is either impossible or a huge > > > hassle, and prevention the only option. > > Well, the presentation was focused on enterprise systems... > > > > But there were some underlying themes: > > > > * Users will work around anything, including security features, that > > interfere with them doing their job. > > > > * It is impossible to completely secure a system. A prevention only > > approach doesn't work well. > > > > * An effective security model is built around Deter, Detect, Delay, > > Respond, Remediate. > > > > * Security is one of multiple threats to system integrity. > > All very true, but you do not remove the Deterrent, just because you > have the other 4 layers (which we do *not* have very much in Fedora when > it is used as a simple workstation). Absolutely true - the foundation of the stack is Deter. The point is that we can't harden a system enough for Deter alone to be fully effective, so we need to have the complete security model. And you are right. We have a real opportunity to look at an overall "people centric" approach to security in Fedora. Look at the traditional threat models, look at the people issues, and look at an overall approach to maintaining system integrity. I'd like to see us exploring system integrity in greater depth. > > This is why people say we need to improve the Firewall experience not > raise white flag and disable it. Agree. Unfortunately, the easy way out is to punch so many holes in the default firewall that it doesn't offer much protection... > > Simo. > > -- > Simo Sorce * Red Hat, Inc * New York > -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct