Date: Wed, 11 Feb 2004 14:57:05 +0100
From: Patrick Proniewski <patpro@patpro.net>
To: Liste FreeBSD-security <freebsd-security@freebsd.org>
Subject: Re: Question about securelevel
Message-ID: <2CAA7A5D-5C9A-11D8-ADF8-0030654D97EC@patpro.net>
In-Reply-To: <79D6F861-5C96-11D8-A225-000A95DA58FE@jimz.net>
References: <1171.192.168.0.77.1076505166.squirrel@mail.redix.it> <79D6F861-5C96-11D8-A225-000A95DA58FE@jimz.net>

On 11 Feb 2004, at 14:30, Jim Zajkowski wrote:

>> Could this configuration be considered secure, according to you?
>
> There's no way to determine that without some consideration of the
> threats you are facing. Security considerations against simple
> attacks (e.g., kiddies) are a lot different than considerations
> against industrial espionage, against discovery by the secret police,
> and against very smart government spies.
>
> What are you protecting? From whom? At what cost?

The cost is, to me, the more relevant point because every aspect of a
security policy has a cost or can be seen as a cost.

Security is:
    time that you spend to set up = cost
    time that you spend for maintenance = cost
    increased complexity on the workflow (user teaching, admin training, more delay) = cost
    less time for disaster recovery = negative cost
    protecting valuable data/info = negative cost

When you sum all this, you should get a negative total cost; if not,
then your security policy is probably overkill.

I guess if I wanted a perfectly secure system I would start with a
bootable CD as main filesystem, with, why not, union filesystems at some
mount point for more flexibility.

patpro
--
I'm looking for a Mac/UNIX sysadmin position
(or a young, pretty, rich woman)
http://patpro.net/cv.php
