RE: Castles and Security (fwd)

["Marcus J. Ranum" <mjr () nfr com>]

daN. wrote:
> There is no point in making a rule if you cannot punish those who break it.

That's actually not true!!!

If you make a rule, it defines clearly the lines between honest and dishonest
behavior. This serves to separate the players into 2 clear camps, instead of a
single big grey zone.

My friends at L0pht convinced me very effectively that the purpose of locks is
to keep _honest_ people honest. It's actually useful as such because then
you know that if someone goes through a locked door they are either authorized
or a bad guy. Sure, someone can claim "I just rattled the knob and the door was
already unlocked" but that only goes a short distance or nowhere depending on
the lock system used. Honest people take one look at a locked door and
rightly conclude "I'm not supposed to go through there" and go away. And if
you see someone trying to pick your lock, you know he's up to no good and
can deal with them differently. Basically, rules, locks, etc, serve to force the
bad guys to clearly identify as suck, which makes them targets.

I keep coming back to this issue of improving targeting and it seems like
lots of people don't "get it" - I'm worried that I'm not communicating effectively,
or something. Am I being obscure?

mjr.
---
Marcus J. Ranum, Chief Technology Officer, NFR Security, Inc.
Work:   http://www.nfr.com
Play: http://www.ranum.com


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards