Firewall Wizards mailing list archives
Re: SCADA
From: Brian Loe <knobdy () gmail com>
Date: Wed, 15 Apr 2009 09:38:00 -0500
On Tue, Apr 14, 2009 at 5:49 PM, Marcus J. Ranum <mjr () ranum com> wrote:
Paul D. Robertson wrote:The other side of the coin is that adding layers adds complexity and code- and adding code adds bugs- so you don't *always* get a net security gain by adding "protecion."You raise a problem that I've spent too much time pondering. In effect, it refutes the "conventional wisdom" of computer security. Which goes as follows: Item #1 - Defense in depth is good Item #2 - Complexity is the enemy of security If #2 is true, #1 can't be, because defense in depth adds complexity. Puzzled, mjr.
Completely agree - but is it a ying/yang thing, where the two compliment each other and you need only find the balance? I tend to believe it is, with an emphasis on keeping things as simple as possible. Human nature is a risk - complexity is...an attack vector? :) _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards