Firewall Wizards
mailing list archives
Re: A fun smackdown...
From: Carson Gaspar <carson () taltos org>
Date: Fri, 20 May 2005 17:45:52 -0400
OK, I've kept my mouth shut so far, but...
--On Friday, May 20, 2005 11:55 AM -0400 Chuck Swiger <chuck () codefab com> wrote:

> Sure, this defines security much the way that Paul does: the more stuff
> the system denies, the more "secure" it is. A door lock which rejects
> all keys, even a good key, is more "secure" than a lock which rejects
> only invalid keys.
>
> I find this definition to be self-consistent, but lacking, and would
> argue that security consists of more than just being able to deny stuff
> really well.

It comes down to how one defines "security". I think it's time to bring
back the "security stool" analogy (I wish I could give proper attribution,
but those neurons have gone missing...). Security consists of multiple
attributes; this analogy breaks them down into 4 "legs" of the "stool":
- Authentication (who are you)
- Authorization (what are you allowed to do)
- Availability (is the data accessible)
- Authenticity (is the data intact)
Attacking any of the "legs" seriously weakens or breaks the "stool". The
nasty bit (and the source of the contention it seems) is the
"availability" part... and it all comes down to a risk decision. Which is
worse, that an authorized person can't see the data, or that an
unauthorized person can see it (and possibly damage it)? The answer is
different for each case.
--
Carson
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards