Re: [fw-wiz] SCADA

On Tue, 14 Apr 2009, Marcus J. Ranum wrote:

Paul D. Robertson wrote:
The other side of the coin is that adding layers adds complexity and code- and adding code adds bugs- so you don't *always* get a net security gain by adding "protection."

You raise a problem that I've spent too much time pondering. In effect,
it refutes the "conventional wisdom" of computer security. Which goes
as follows:
Item #1 - Defense in depth is good
Item #2 - Complexity is the enemy of security

If #2 is true, #1 can't be, because defense in depth adds complexity.


add multiple simple layers rather than trying to do everything in one very complex system.

with the traditional firewall architecture you add complexity in your network to make the firewalls choke points and apply fairly simple controls there rather than trying to implement the same protection on a per-host basis.

or putting it another way, if each component is simple enough to be easily understood (and checked), then you have a hope of understanding (and checking) sets of components.

but if a single component's configuration and capabilities get to the point where it is too complex to be understood or checked, you have no hope of understanding or checking your network as a whole.

defining when a component has become 'too complex' is a subjective thing, as is determining when the arrangement of those components has become too complex. different people will make different trade-offs.

David Lang
