Bugtraq mailing list archives

Re: Remote Desktop Command Fixation Attacks


From: hvdkooij () vanderkooij org
Date: Thu, 11 Oct 2007 23:45:05 +0200

pdp (architect) wrote:
> Thor, with no disrespect but you are wrong. Security in depth does not
> work and I am not planning to support my argument in any way. This is
> just my personal humble opinion. I've seen only failure of the
> principles you mentioned. Security in depth works only in a perfect
> world. The truth is that you cannot implement true security mainly
> because you will hit on the accessibility side. It is all about
> achieving the balance between security and accessibility. Moreover,
> you cannot implement security in depth mainly because you cannot
> predict the future. Therefore, you don't know what kinds of attack
> will surface next.
>
> Security is not a destination, it is a process. Security in depth
> sounds like a destination to me.

Security in depth is neither a destination nor a process. It is a state
of mind. Each part should take care of itself. And it should be as
secure as possible in each step.

Hugo.

-- 
hvdkooij () vanderkooij org               http://hugo.vanderkooij.org/
        Don't meddle in the affairs of sysadmins,
        for they are subtle and quick to anger.

