 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
On 3/28/2013 7:01 PM, Derek Martin wrote: > I utterly did not. I addressed that directly, in the part you didn't No. You did miss it. In my model I'm less concerned if an intruder exploits a zero-day vulnerability in mod_ssl than you are. Said intruder is trapped in the DMZ between web server and whatever is behind it. Yes, he's compromised a web server but that's ALL that he's compromised. And once any anomalous activity is detected I can shut him down, identify how he got in, close that off, and swap in a clean and fixed server. I'm not ignoring perimeter security. It's best if attackers don't get in at all. But I'm not one for relying on the chance that some misdirection will prevent intrusion. I'm not one for relying on the chance that someone will spot the attempts before they succeed. Chance, by definition, is not reliable. As for the secret escape routes? Those aren't perimeter security. There a last resort when everything else has failed and the alternative is death or capture. And historically, they're not particularly reliable. -- Rich P.
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
