nanog mailing list archives
Re: Update to BCP-38?
From: Mike Meredith via NANOG <nanog () nanog org>
Date: Tue, 8 Oct 2019 13:35:16 +0100
As an Evil Firewall Administrator™, I have an interest in this area ... On Fri, 4 Oct 2019 15:05:29 -0700, William Herrin <bill () herrin us> may have written:
On Thu, Oct 3, 2019 at 2:28 PM Keith Medcalf <kmedcalf () dessus com> wroteAnyone who says something like that is not a "security geek". They are a "security poser", interested primarily in "security by obscurity" and "security theatre", and have no clue what they are talking about.
Hmm ... 'primarily in "security by obscurity"' ... that does tend to indicate a severe case of cluelessness (and that's coming from someone who doesn't let his right hand know what his left hand is up to without justification that has been signed off in triplicate). To give a real world example, removing headers from an Apache web server doesn't do much to increase security (it's mostly to keep auditors happy) because automated attacks will hit your exposed Apache servers anyway, and a sophisticated attacker will note the removal and adopt the strategy of an automated attack.
more important information you'd like to deny to him. There's a 5-step process used by the U.S. Military but the TL;DR version is: if you don't have to reveal something, don't.
You've ignored step 1 - identifying critical information that needs protecting. It makes sense to protect information that needs protecting and don't lose sleep over information that doesn't need protecting. Not many of us are planning an invasion of a Nazi-infected Europe any time soon. -- Mike Meredith, University of Portsmouth Hostmaster, Security, and Chief Systems Engineer
Attachment:
_bin
Description: OpenPGP digital signature
Current thread:
- Re: Update to BCP-38?, (continued)
- Re: Update to BCP-38? Masataka Ohta (Oct 04)
- Re: Update to BCP-38? Valdis Klētnieks (Oct 04)
- Re: Update to BCP-38? Jay R. Ashworth (Oct 05)
- Re: Update to BCP-38? Fred Baker (Oct 03)
- Re: Update to BCP-38? Stephen Satchell (Oct 03)
- Re: Update to BCP-38? Fred Baker (Oct 03)
- RE: Update to BCP-38? Keith Medcalf (Oct 03)
- Re: Update to BCP-38? Valdis Klētnieks (Oct 03)
- Re: Update to BCP-38? William Herrin (Oct 04)
- RE: Update to BCP-38? Keith Medcalf (Oct 04)
- Re: Update to BCP-38? Mike Meredith via NANOG (Oct 08)
- Re: Update to BCP-38? Rich Kulawiec (Oct 08)
- RE: Update to BCP-38? Mark Collins (Oct 08)
- RE: Update to BCP-38? Keith Medcalf (Oct 08)
- Re: Update to BCP-38? Mike Meredith via NANOG (Oct 09)
- Re: Update to BCP-38? William Herrin (Oct 08)
- RE: Update to BCP-38? Keith Medcalf (Oct 08)
- Re: Update to BCP-38? Valdis Klētnieks (Oct 08)
- Re: Update to BCP-38? Mark Collins (Oct 10)
- RE: Update to BCP-38? Keith Medcalf (Oct 08)
- Re: Update to BCP-38? Rich Kulawiec (Oct 09)