[Discuss] Port Scanning
Rich Pieri
richard.pieri at gmail.com
Sun Aug 4 14:27:40 EDT 2024
On Sun, 4 Aug 2024 09:45:06 -0700
Kent Borg <kentborg at borg.org> wrote:

Security is not a state. It's an iterative process.

I originally wrote a lot of tearing down of straw-man assertions like
firewalls failing open (they don't: they fail closed so there is no
access in or out and therefore there is no damage). But instead I
deleted almost all of that to focus on this:

> I like a quote I recently ran across from Peter Gutmann:
>
> Rule #1: Complexity of the enemy of security.

Two errors here.

First, the original quote is, "[t]he worst enemy of security is
complexity."

This is an admonition to design systems to be no more complex than is
required of them. Which is a good general design philosophy.

A corollary is that just because *you* don't understand it doesn't mean
that the people who do understand it are unable to keep it secure.

"Most people" don't need to know the difference between a Layer 3
firewall and a Layer 7 firewall any more than they need to know how
heat catalyzes chemical reactions in batter to make fluffy pancakes.

Second, it was Bruce Schneier who wrote this.

https://www.schneier.com/essays/archives/1999/11/a_plea_for_simplicit.html

--
\m/ (--) \m/