[170124] in North American Network Operators' Group


Re: misunderstanding scale

daemon@ATHENA.MIT.EDU (William Herrin)
Mon Mar 24 13:13:17 2014

In-Reply-To: <53305D40.9020908@mtcc.com>
From: William Herrin <bill@herrin.us>
Date: Mon, 24 Mar 2014 13:08:46 -0400
To: Michael Thomas <mike@mtcc.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Mon, Mar 24, 2014 at 12:28 PM, Michael Thomas <mike@mtcc.com> wrote:
> On 03/24/2014 09:20 AM, William Herrin wrote:
>> On Mon, Mar 24, 2014 at 3:00 AM, Karl Auer <kauer@biplane.com.au> wrote:
>>> Addressable is not the same as
>>> accessible; routable is not the same as routed.
>>
>> Indeed. However, all successful security is about _defense in depth_.
>> If it is inaccessible, unrouted, unroutable and unaddressable then you
>> have four layers of security. If it is merely inaccessible and
>> unrouted you have two.
>
> A distinction without a difference, IMHO. Either I can send you an incoming
> SYN or I can't.

Hi Mike,

You can either press the big red button and fire the nukes or you
can't, so what difference how many layers of security are involved
with the "Football?"

I say this with the utmost respect, but you must understand the
principle of defense in depth in order to make competent security
decisions for your organization. Smart people disagree on the details
but the principle is not only iron clad, it applies to all forms of
security, not just IP network security.

Regards,
Bill Herrin


-- 
William D. Herrin ................ herrin@dirtside.com  bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004

