Re: [fw-wiz] SCADA
- From: Dotzero <dotzero@xxxxxxxxx>
- Date: Wed, 15 Apr 2009 09:49:05 -0400
On Tue, Apr 14, 2009 at 6:49 PM, Marcus J. Ranum <mjr@xxxxxxxxx> wrote:
> Paul D. Robertson wrote:
>> The other side of the coin is that adding layers adds complexity and code-
>> and adding code adds bugs- so you don't *always* get a net security gain by
>> adding "protection."
>
> You raise a problem that I've spent too much time pondering. In effect,
> it refutes the "conventional wisdom" of computer security. Which goes
> as follows:
> Item #1 - Defense in depth is good
> Item #2 - Complexity is the enemy of security
> If #2 is true, #1 can't be, because defense in depth adds complexity.
> Puzzled,
> mjr.
--
Perhaps a more nuanced discussion on the nature of complexity is in
order. If I perform 5 simple but very beneficial (security-wise) things
to achieve better defense in depth, how much complexity have I really
added compared to implementing 5 very intricate things?
There will always be a set of tradeoffs to consider. Where one ends up
depends very much on where one thinks one is going.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards