[1946] in linux-security and linux-alert archive

[linux-security] Re: A switch? A router? What am I looking for??

daemon@ATHENA.MIT.EDU (Christopher Hicks)
Tue Jun 30 02:50:24 1998

Date: Tue, 30 Jun 1998 02:00:31 -0400 (EDT)
From: Christopher Hicks <chicks@chicks.net>
To: Woody Weaver <woody@wiltelnsi.com>
cc: security@kokoro.com, firewalls@lists.gnac.net, linux-security@redhat.com
In-Reply-To: <3.0.5.32.19980629130441.00aa3520@mailhost.wiltelnsi.com>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

On Mon, 29 Jun 1998, Woody Weaver wrote:
> Put in a switch to improve bandwidth, not out of a sense of security. 

Security in depth is good.  A switch's primary purpose is and should be
improved bandwidth.  But it also helps security.  MAC floods can be
detected.  That's enough to dissuade some threats.  The attraction of
packet sniffing attacks is the difficulty of detection.

But the principle of security in depth is the real issue I'm trying to
address.  It is often missed.  Just because a switch or a firewall or a
lock on a file cabinet isn't perfect does not mean that it shouldn't be
part of a complete security plan.  People lock their office door then
leave root logged in.  People buy a firewall and then run their systems
without patches or proper passwords.  Bad.  Bad.  There are few either-or
choices in security that shouldn't be answered "both".

</chris>
-- 
     If trees could scream, would we be so cavalier about cutting them
    down?  We might, if they screamed all the time, for no good reason.
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~
