From owner-freebsd-security@FreeBSD.ORG Wed Feb 11 05:57:07 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EA25E16A4CE for ; Wed, 11 Feb 2004 05:57:07 -0800 (PST) Received: from boleskine.patpro.net (boleskine.patpro.net [62.4.20.155]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7E93643D31 for ; Wed, 11 Feb 2004 05:57:07 -0800 (PST) (envelope-from patpro@patpro.net) Received: from [192.168.0.1] (cassandre [192.168.0.1]) by boleskine.patpro.net (Postfix) with ESMTP id 751A7145; Wed, 11 Feb 2004 14:57:06 +0100 (CET) In-Reply-To: <79D6F861-5C96-11D8-A225-000A95DA58FE@jimz.net> References: <1171.192.168.0.77.1076505166.squirrel@mail.redix.it> <79D6F861-5C96-11D8-A225-000A95DA58FE@jimz.net> Mime-Version: 1.0 (Apple Message framework v612) Content-Type: text/plain; charset=ISO-8859-1; format=flowed Message-Id: <2CAA7A5D-5C9A-11D8-ADF8-0030654D97EC@patpro.net> Content-Transfer-Encoding: quoted-printable From: Patrick Proniewski Date: Wed, 11 Feb 2004 14:57:05 +0100 To: Liste FreeBSD-security X-Mailer: Apple Mail (2.612) Subject: Re: Question about securelevel X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Feb 2004 13:57:08 -0000 On 11 f=E9vr. 2004, at 14:30, Jim Zajkowski wrote: >> Could this configuration be considered secure, according to you? > > There's no way to determine that without some consideration of the=20 > threats you are facing. Security considerations against simple=20 > attacks (e.g., kiddies) are a lot different than considerations=20 > against industrial espionage, against discovery by the secret police,=20= > and against very smart government spies. > > What are you protecting? =46rom whom? At what cost? the cost is, to me, the more relevant point because every aspects of a=20= security policy has a cost or can be seen as a cost. Security is : time that you spend to setup =3D cost time that you spend for maintenance =3D cost increased complexity on the workflow (user teaching, admin = training,=20 more delay) =3D cost less time for disaster recovery =3D negative cost protecting valuable data/info =3D negative cost When you sum all this, you should get a negative total cost, if not=20 then your security policy is probably overkill. I guess if I would want a perfect secure system I would start with a=20 bootable CD as main filesystem, with, why not, union filesystems at=20 some mount point for more flexibility. patpro --=20 je cherche un poste d'admin-sys Mac/UNIX (ou une jeune et jolie femme riche) http://patpro.net/cv.php