Re: Remote Desktop Command Fixation Attacks
pdp (architect) wrote:
> Thor, with no disrespect but you are wrong. Security in depth does not
> work and I am not planning to support my argument in any way. This is
> just my personal humble opinion. I've seen only failure of the
> principles you mentioned. Security in depth works only in a perfect
> world. The truth is that you cannot implement true security mainly
> because you will hit on the accessibility side. It is all about
> achieving the balance between security and accessibility. Moreover,
> you cannot implement security in depth mainly because you cannot
> predict the future. Therefore, you don't know what kinds of attack
> will surface next.
> Security is not a destination, it is a process. Security in depth
> sounds like a destination to me.
Security in depth is neither a destination nor a process. It is a state
of mind. Each part should take care of itself. And it should be as
secure as possible in each step.
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.