On Thu, Mar 28, 2013 at 10:49:57AM -0400, Rich Pieri wrote:
> That's what I find so amusing about security discussions like this.
> So many get caught up with the idea of keeping attackers out or
> slowing them down without really thinking about how to protect
> what's actually of value.

I fully acknowledge this point, and I never said anything to the contrary. This in no way indicates that obfuscation has no value.

> The right way to secure a public-facing server is to start by
> assuming that it will be compromised.

There's truth to this--from a risk management perspective. Don't risk exposing things that would be expensive if they were exposed, unless it's essential to do so. But it's also very defeatist. I have on several occasions discovered an intrusion in progress and shut the attacker down, never to be heard from again. Most attackers in practice are robots, and will simply fail with the slightest interruption.

> An attacker -- be he a script kiddie or a pro turned black hat --
> will find a way in regardless of what you do.

This is nonsense. A script kiddie will go away after at most a handful of meager attempts. A well-informed, extremely determined attacker who is explicitly targeting YOU will find a way in, IF he has sufficient motivation to STAY determined in the face of your defenses. The underwhelming minority of attacks fall into this category.

There is an entire universe of grey in between. But even in the cases that start to fall into the extreme category, time is your friend. If you can put enough barriers in place, and have tools for detecting the intrusion *while it is happening*, you may be able to shut down the attack. You may be able to convince your foe that you really are not worth the effort. Or, if you yourself are determined to prevent intrusion, you may be able to keep your foe engaged long enough to involve the authorities and have him incarcerated. I've never personally been involved in a case of this, but I've met people who have.

Making it hard for your attacker to find what he's looking for is a very cheap and useful part of preventing him from getting it. It is very much a part of security in depth, in fact eliminating many attacks before they even begin. You just need to be prepared for when it fails.

--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address. Replying to it will result in undeliverable mail due to spam prevention. Sorry for the inconvenience.