[1968] in linux-security and linux-alert archive
[linux-security] Re: RedHat 5.X Security Book
daemon@ATHENA.MIT.EDU (Kent Crispin)
Sun Jul 12 03:48:44 1998
Date: Sat, 11 Jul 1998 19:00:57 -0700
From: Kent Crispin <kent@songbird.com>
To: linux-security@redhat.com
In-Reply-To: <199807101138.HAA32627@pace.picante.com>; from Grant Taylor on Fri, Jul 10, 1998 at 07:38:43AM -0300
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
On Fri, Jul 10, 1998 at 07:38:43AM -0300, Grant Taylor wrote:
>
[...]
>
> This is not what I said. I merely point out that it is difficult or
> perhaps impossible to make a "checklist" that will be complete enough
> to result in a system that is actually secure. Particularly so over
> time.
"Security" is relative. "Actually secure" makes it a binary choice.
It ain't so.
[...]
> > I have a car. I know how to drive it. I can change flat tires, add
> > oil and gas. This covers about 99% of normal stuff. I take it to a
> > car mechanic when it needs it. I am not going to stop on the side of
> > the road, pull 200 pounds of tools out of the trunk and change all
> > the gaskets in the engine.
>
> Absolutely. But network security is more complex than car
> maintenance. It also differs in that "99% secure" isn't significantly
> better than "40% secure".
?? No attacker knows every exploit, and no sysadmin knows every
exploit. The more holes you close the more likely you are to block up
the ones that any particular attacker will know.
"99% secure" is an almost completely meaningless statement, in any
case.
> Anyone interested in breaking in has only
> to try out a bag of tricks until he hits that forgotten 1%.
That assumes that the attacker's bag of tricks includes that forgotten
1%. In fact, clue is not evenly distributed among the cracker
community, either. A very few are brilliant and knowledgeable, most
are not.
--
Kent Crispin, PAB Chair
kent@songbird.com
"No reason to get excited," the thief he kindly spoke...
PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55
http://songbird.com/kent/pgp_key.html
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null