[55214] in North American Network Operators' Group
Re: Banc of America Article
daemon@ATHENA.MIT.EDU (Sean Donelan)
Sat Jan 25 19:52:30 2003
Date: Sat, 25 Jan 2003 19:22:58 -0500 (EST)
From: Sean Donelan <sean@donelan.com>
To: Alex Rubenstein <alex@nac.net>
Cc: nanog@nanog.org
In-Reply-To: <Pine.WNT.4.43.0301251737250.2284-100000@TEMPEST.hq.nac.net>
Errors-To: owner-nanog-outgoing@merit.edu
On Sat, 25 Jan 2003, Alex Rubenstein wrote:
> Does anyone else, based upon the assumptions above, believe this statement
> to be patently incorrect (specifically, the part about 'personal
> information had not been at risk.') ?
Patently incorrect? No. It is possible.
Even if the confidentiality of your data is protected, you are still
vulnerability to attacks on availability and integrity of the data.
For example, you may fully encrypt all your data, use VPNs, etc. But you
can still loose service due to network congestion or routers failing due
to other unprotected traffic on your network.
One of the most common mistakes I see rookie security people make is
thinking "confidentiality" is the only business requirement.
