From owner-freebsd-security Mon Sep 3 4:34:58 2001 Delivered-To: freebsd-security@freebsd.org Received: from guard.ing.nl (guard.ing.nl [194.178.239.66]) by hub.freebsd.org (Postfix) with ESMTP id 23D8337B405 for ; Mon, 3 Sep 2001 04:34:52 -0700 (PDT) Received: by ING-mailhub; id NAA28547; Mon, 3 Sep 2001 13:36:48 +0200 (MET DST) Received: from somewhere by smtpxd content-class: urn:content-classes:message Subject: RE: Re[2]: Possible New Security Tool For FreeBSD, Need Your Help. MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Date: Mon, 3 Sep 2001 13:39:06 +0200 Message-ID: <98829DC07ECECD47893074C4D525EFC31176C2@citsnl007.europe.intranet> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Re[2]: Possible New Security Tool For FreeBSD, Need Your Help. Thread-Index: AcE0ZB6rVy5td3bnQ96ZygomLtWJ4wAAKkxg From: "Carroll, D. (Danny)" To: "Nickolay A.Kritsky" Cc: Importance: normal X-OriginalArrivalTime: 03 Sep 2001 11:38:59.0651 (UTC) FILETIME=[05CD6130:01C1346D] Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org :CDD> Yeah but Obfuscation PLUS good security does not hurt, in=20 :fact it helps. :CDD> Just so long as you don't *rely* on it. : :Don't you think it is really _too_ complicated. While you have :firewalls, open key logins, IP based verification. Just Keep It :Simple. IMHO the more complicated it gets, the more chances you have, :that in one day all this "security improvements" will play against :you. I was really objecting to the statement that obsfucation is bad, rather than the point in case. I agree simple security is good, but you can help yourself out by *hiding* things to make the potential attackers job a little harder. As for security improvements becomming unmanageable, I would suggest that good network documentation would solve that problem. If you are going to go to the trouble of writing a time-based port-scanning key-sending authentication system, then you'd better be prepared to document it. -----------------------------------------------------------------=0A= ATTENTION:=0A= The information in this electronic mail message is private and=0A= confidential, and only intended for the addressee. Should you=0A= receive this message by mistake, you are hereby notified that=0A= any disclosure, reproduction, distribution or use of this=0A= message is strictly prohibited. Please inform the sender by=0A= reply transmission and delete the message without copying or=0A= opening it.=0A= =0A= Messages and attachments are scanned for all viruses known.=0A= If this message contains password-protected attachments, the=0A= files have NOT been scanned for viruses by the ING mail domain.=0A= Always scan attachments before opening them.=0A= ----------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message