On Tue, 15 Oct 2002 11:06:09 +1000, Benny Nasution
<bnas3(_at_)STUDENT(_dot_)MONASH(_dot_)EDU> said:
Security always needs to be increased to reduce threats and risks, but
these threats and risks are the ultimate ýsource of information about
the quality of its ability. Therefore the better the security is
developed the less information you will get about how to improve it.
Proper auditing and instrumentation will tell you what's being *attempted*.
Also, note that security is a *process*, and involves making trade-offs.
For instance, my network has well over 30K hosts on it. Even if I manage to
make 99% of them totally hack-proof, I need to expect an average of 1 host
to be hacked *every day*. Yes, I could probably harden it so 99.9% were
hackproof so I only had 3-4 incidents a month. But it's not worth it - adding
that extra '9' would take more time than fixing the hosts. I'm better off
hardening the 150 or so hosts that are really critical to 99.95%, creating
a document that will let the users get to 98%, and have a "it looks like you
got hacked, here's hints on cleaning up" form e-mail.
The day that things are so secure that we don't get enough feedback so we
have ideas on how to improve the process even more, I will *quite* happily
declare victory and retire. However, given how *little* things have improved
in the 30 years since the original Multics penetration-test paper, I'm
afraid I won't be escaping before mandatory retirement catches up with me
in about 30 years.
http://domino.watson.ibm.com/library/cyberdig.nsf/1e4115aea78b6e7c85256b360066f0d4/fdefbebc9dd3e35485256c2c004b0f0d?OpenDocument&Highlight=0,multics
(If that doesn't work, go to:
http://domino.watson.ibm.com/library/cyberdig.nsf/Search
and search for 'Multics').
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
pgp99rMEnMj8j.pgp
Description: PGP signature