Home page logo
/

basics logo Security Basics mailing list archives

Re: considerations about exploits tricks
From: PCSC Information Services <info () pcsage biz>
Date: Mon, 5 Nov 2007 09:38:39 -0500

Hi opexoc et al,

One thing to be considered when designing your systems for security is that 'Security is a process, not a destination' It's been argued that the only secure computer is the one that's at the bottom of the ocean with no power available. I would hazard that with this in mind, there is never the possibility of 'winning' the battle, only consistent successful defense of the perimeter.

Successful security is consistent, but to arrive at this level of consistency requires constant vigilance. It would never do to rest on ones laurels and say 'We've arrived and we're secure.' as that 'Maginot Line' of thinking would only be circumvented by shifting the vector of attack (as the Maginot defense proved)

If you are in charge of security for your organization, it's critical to have frank discussion about the ongoing security requirements of your systems, and to ensure that policy is in place to monitor, and adjust your security processes as software and systems evolve. Even more critical is that the budget and human-power is adequately provided for through the policy so as to ensure that these evolving security threats are met with the appropriate response. Attackers are never standing still, and neither should the vigilant security expert.

Best,

Sean Swayze

On 3-Nov-07, at 7:36 PM, opexoc () gmail com wrote:

Hello,

I wonder about security holes which are still present in our OS, which let attackers take over control. I have heard about PAX system, ProPolice and other, which in consolidation should well defend system against attacks like buffer overflow. Is it not enough? Can't we really win the battle against buffer overflow and heap overflow?

opexoc


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]