BLU Discuss list archive
[Discuss] Port Scanning
- Subject: [Discuss] Port Scanning
- From: richard.pieri at gmail.com (Rich Pieri)
- Date: Sun, 4 Aug 2024 14:27:40 -0400
- In-reply-to: <f56c3f03-6f8e-4e39-bb95-705111b0fbc6@borg.org>
- References: <5c43eee0-caaf-45d6-8fdb-273cb3d8ea6d@borg.org> <20240801172933.yqcdeki3ntkrrl2t@randomstring.org> <51804f85-9275-4d89-9dc2-86234cdb299b@borg.org> <20240801210627.bzw47tfmyxofcep3@randomstring.org> <82b0d41d-075d-496e-9e1f-ef1529623c38@borg.org> <20240801182824.4bf21319.Richard.Pieri@gmail.com> <f6d905fd-7886-4cf2-9b02-f6d89f60adf0@borg.org> <20240801214606.5bebc46a.Richard.Pieri@gmail.com> <20c3240d-184f-4c84-b4ed-7680ac5301bd@borg.org> <CAJFsZ=o7btMacs-OqTB0908ehYkZCFGtupLkNi59C9K8XV6zKQ@mail.gmail.com> <f56c3f03-6f8e-4e39-bb95-705111b0fbc6@borg.org>
On Sun, 4 Aug 2024 09:45:06 -0700
Kent Borg <kentborg at borg.org> wrote:

Security is not a state. It's an iterative process.

I originally wrote a lot of tearing down of straw-man assertions like firewalls failing open (they don't: they fail closed so there is no access in or out and therefore there is no damage). But instead I deleted almost all of that to focus on this:

> I like a quote I recently ran across from Peter Gutmann:
>
> ? Rule #1: Complexity of the enemy of security.

Two errors here.

First, the original quote is, "[t]he worst enemy of security is complexity." This is an admonition to design systems to be no more complex than is required of them. Which is a good general design philosophy. A corollary is that just because *you* don't understand it doesn't mean that the people who do understand it are unable to keep it secure. "Most people" don't need to know the difference between a Layer 3 firewall and a Layer 7 firewall any more than they need to know how heat catalyzes chemical reactions in batter to make fluffy pancakes.

Second, it was Bruce Schneier who wrote this.

https://www.schneier.com/essays/archives/1999/11/a_plea_for_simplicit.html

-- 
\m/ (--) \m/