[147367] in North American Network Operators' Group
Re: BGP and Firewalls...
daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Wed Dec 7 22:51:08 2011
From: "Dobbins, Roland" <rdobbins@arbor.net>
To: NANOG Group <nanog@nanog.org>
Date: Thu, 8 Dec 2011 03:43:34 +0000
In-Reply-To: <20111207183653.GA98645@ussenterprise.ufp.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Dec 8, 2011, at 1:36 AM, Leo Bicknell wrote:
> I don't think you're looking at defense in depth in the right way,
Actually, it sometimes seems as if nobody in the industry understands what =
'defense in depth' really means, heh.
'Defense in depth' is a military term of art which equates to 'trading spac=
e for time in order to facilitate attrition of enemy forces'. It does not =
have any real relevance to infosec/opsec; unfortunately, its original meani=
ng has been corrupted and so it is widely (and incorrectly) used in place o=
f the more appropriate 'combined arms approach' or 'jointness' or 'mutual s=
upport' or 'layered defense' metaphors. Hannibal's tactics at Cannae are g=
enerally cited as the canonical (pardon the pun) example of actual military=
defense in depth.
;>
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
The basis of optimism is sheer terror.
-- Oscar Wilde
