[134751] in North American Network Operators' Group
Re: NIST IPv6 document
daemon@ATHENA.MIT.EDU (mikea)
Mon Jan 10 15:09:30 2011
Date: Mon, 10 Jan 2011 14:09:25 -0600
From: mikea <mikea@mikea.ath.cx>
To: nanog@nanog.org
Mail-Followup-To: nanog@nanog.org
In-Reply-To: <201101101452.56885.lowen@pari.edu>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mon, Jan 10, 2011 at 02:52:56PM -0500, Lamar Owen wrote:
> On Friday, January 07, 2011 09:25:59 am David Sparro wrote:
> > I find that the security "Layers" advocates tend not to look at the
> > differing value of each of those layers.
>
> Different layers very much have different values, and, yes, this is often glossed over.
>
> > Going back to the physical door analogy, it's like saying that a bank
> > vault protected by a bank vault door is less secure than a vault with
> > the bank vault door AND a screen door.
>
> More analogous would be the safe with glass relockers and a vial of
> tear gas behind the ideal drill point. Yes, those do exist, and,
> should you want to see a photo of such a vial, I can either provide
> one (have to take the photo with the safe door open next time I'm on
> that site, which may be a while with all this snow and ice on the
> ground) or you can find pics through google.
>
> Even physical locks have layered security principles. Think Medeco
> locks with chisel-pointed pins and the associated sidebar in the
> center, or ASSA's Twin double-stack pin technology, or the use of
> spool pins in locks, or Schlage's Primus system (also sidebar driven)
> or anti-drill armor in front of the pin stack (to prevent drilling the
> shear line), etc. The use of layers in the physical security realm
> is a proven concept, and the synergy of the layers has been shown
> effective over time. Not totally secure, of course, but as the number
> of layers increases the security becomes better and better.
My father used to tell me that "Locks keep the honest people out." He
was right; the clever non-honest are the ones we have to deal with at
that level.
Computers are so great a force multiplier that we are having to do the
same sorts of things to defend against assaults from them.
--
Mike Andrews, W5EGO
mikea@mikea.ath.cx
Tired old sysadmin
