Re: Question about securelevel

roberto_at_redix.it
Date: 02/11/04

  • Next message: Jim Zajkowski: "Re: Question about securelevel" 
    Date: Wed, 11 Feb 2004 16:24:02 +0100 (CET)
To: freebsd-security@freebsd.org

    > On 11 févr. 2004, at 14:30, Jim Zajkowski wrote:
    >
    >>> Could this configuration be considered secure, according to you?
    >>
    >> There's no way to determine that without some consideration of the
    >> threats you are facing. Security considerations against simple
    >> attacks (e.g., kiddies) are a lot different than considerations
    >> against industrial espionage, against discovery by the secret police,
    >> and against very smart government spies.
    >>
    >> What are you protecting? From whom? At what cost?
    >
    >
    > the cost is, to me, the more relevant point because every aspects of a
    > security policy has a cost or can be seen as a cost.
    > Security is :
    > time that you spend to setup = cost
    > time that you spend for maintenance = cost
    > increased complexity on the workflow (user teaching, admin training,
    > more delay) = cost
    > less time for disaster recovery = negative cost
    > protecting valuable data/info = negative cost
    >
    > When you sum all this, you should get a negative total cost, if not
    > then your security policy is probably overkill.
    >
    > I guess if I would want a perfect secure system I would start with a
    > bootable CD as main filesystem, with, why not, union filesystems at
    > some mount point for more flexibility.
    >
    >
    > patpro
    > --
    > je cherche un poste d'admin-sys Mac/UNIX
    > (ou une jeune et jolie femme riche)
    > http://patpro.net/cv.php
    >

    Yes I agree with you: a secure system should be read-only fs, but to
    overcome the drawbacks of a CDROM, I can use a standard hardisk with a
    read-only file system while securelevel==3. The writable file system
    should be available in single user mode only on console.

    Regards
    Roberto

     _______________________________________________
     freebsd-security@freebsd.org mailing list
     http://lists.freebsd.org/mailman/listinfo/freebsd-security
     To unsubscribe, send any mail to
     "freebsd-security-unsubscribe@freebsd.org"

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

  • Next message: Jim Zajkowski: "Re: Question about securelevel"

    Relevant Pages

    • Re: Question about securelevel
      ... are a lot different than considerations ... At what cost? ... security policy has a cost or can be seen as a cost. ... bootable CD as main filesystem, with, why not, union filesystems at ...
      (FreeBSD-Security)
    • RE: Concepts: Security and Obscurity
      ... resources are limited and thus there is a cost to life. ... It is not obscurity in the manner being ... more you spend on security the less of an advantage is gained. ... It also ignores the requirements of a control function. ...
      (Security-Basics)
    • RE: Concepts: Security and Obscurity
      ... International Journal of Social Economics ... Security is an economic decision. ... risk and always cost. ... Subject: Concepts: Security and Obscurity ...
      (Security-Basics)
    • RE: Concepts: Security and Obscurity
      ... I have at no point claimed absolute security measures or cost ... nothing to do with security is pure head in the sand ignorance. ... It also ignores the requirements of a control function. ... of transformation pressure " Cambridge Journal of Economics, ...
      (Security-Basics)
    • Re: [fw-wiz] tunnel vs open a hole
      ... better code, better testing, implies larger cost. ... MS IIS has bugs, bugs are reported in the industry news, bugs get fixed. ... How many CEOs have lost their job due to an Internet break-in? ... How many companies have gone out of business due to a bad security tool ...
      (Firewall-Wizards)