On Tue, 15 Oct 2002 11:06:09 +1000, Benny Nasution <bnas3@STUDENT.MONASH.EDU> said: > Security always needs to be increased to reduce threats and risks, but > these threats and risks are the ultimate ęsource of information about > the quality of its ability. Therefore the better the security is > developed the less information you will get about how to improve it. Proper auditing and instrumentation will tell you what's being *attempted*. Also, note that security is a *process*, and involves making trade-offs. For instance, my network has well over 30K hosts on it. Even if I manage to make 99% of them totally hack-proof, I need to expect an average of 1 host to be hacked *every day*. Yes, I could probably harden it so 99.9% were hackproof so I only had 3-4 incidents a month. But it's not worth it - adding that extra '9' would take more time than fixing the hosts. I'm better off hardening the 150 or so hosts that are really critical to 99.95%, creating a document that will let the users get to 98%, and have a "it looks like you got hacked, here's hints on cleaning up" form e-mail. The day that things are so secure that we don't get enough feedback so we have ideas on how to improve the process even more, I will *quite* happily declare victory and retire. However, given how *little* things have improved in the 30 years since the original Multics penetration-test paper, I'm afraid I won't be escaping before mandatory retirement catches up with me in about 30 years. http://domino.watson.ibm.com/library/cyberdig.nsf/1e4115aea78b6e7c85256b360066f0d4/fdefbebc9dd3e35485256c2c004b0f0d?OpenDocument&Highlight=0,multics (If that doesn't work, go to: http://domino.watson.ibm.com/library/cyberdig.nsf/Search and search for 'Multics'). -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
Attachment:
pgp00130.pgp
Description: PGP signature