[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Remote Desktop Command Fixation Attacks

pdp (architect) wrote:
> Thor, with no disrespect but you are wrong. Security in depth does not
> work and I am not planning to support my argument in any way. This is
> just my personal humble opinion. I've seen only failure of the
> principles you mentioned. Security in depth works only in a perfect
> world. The truth is that you cannot implement true security mainly
> because you will hit on the accessibility side. It is all about
> achieving the balance between security and accessibility. Moreover,
> you cannot implement security in depth mainly because you cannot
> predict the future. Therefore, you don't know what kinds of attack
> will surface next.
> Security is not a destination, it is a process. Security in depth
> sounds like a destination to me.

Security in depth is neither a destination nor a process. It is a state
of mind. Each part should take care of itself. And it should be as
secure as possible in each step.


hvdkooij@xxxxxxxxxxxxxxx               http://hugo.vanderkooij.org/
	Don't meddle in the affairs of sysadmins,
	for they are subtle and quick to anger.