RE: Re[2]: Possible New Security Tool For FreeBSD, Need Your Help.

From: Carroll, D. (Danny) (Danny.Carroll@mail.ing.nl)
Date: 09/03/01


Date: Mon, 3 Sep 2001 13:39:06 +0200
From: "Carroll, D. (Danny)" <Danny.Carroll@mail.ing.nl>
To: "Nickolay A.Kritsky" <nkritsky@internethelp.ru>


:CDD> Yeah but Obfuscation PLUS good security does not hurt, in
:fact it helps.
:CDD> Just so long as you don't *rely* on it.
:
:Don't you think it is really _too_ complicated. While you have
:firewalls, open key logins, IP based verification. Just Keep It
:Simple. IMHO the more complicated it gets, the more chances you have,
:that in one day all this "security improvements" will play against
:you.

I was really objecting to the statement that obsfucation is bad, rather
than the point in case.

I agree simple security is good, but you can help yourself out by
*hiding* things to make the potential attackers job a little harder.

As for security improvements becomming unmanageable, I would suggest
that good network documentation would solve that problem. If you are
going to go to the trouble of writing a time-based port-scanning
key-sending authentication system, then you'd better be prepared to
document it.

----------------------------------------------------------------- ATTENTION: The information in this electronic mail message is private and confidential, and only intended for the addressee. Should you receive this message by mistake, you are hereby notified that any disclosure, reproduction, distribution or use of this message is strictly prohibited. Please inform the sender by reply transmission and delete the message without copying or opening it. Messages and attachments are scanned for all viruses known. If this message contains password-protected attachments, the files have NOT been scanned for viruses by the ING mail domain. Always scan attachments before opening them. -----------------------------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message



Relevant Pages