Date: Wed, 11 Feb 2004 14:57:05 +0100 From: Patrick Proniewski <patpro@patpro.net> To: Liste FreeBSD-security <freebsd-security@freebsd.org> Subject: Re: Question about securelevel Message-ID: <2CAA7A5D-5C9A-11D8-ADF8-0030654D97EC@patpro.net> In-Reply-To: <79D6F861-5C96-11D8-A225-000A95DA58FE@jimz.net> References: <1171.192.168.0.77.1076505166.squirrel@mail.redix.it> <79D6F861-5C96-11D8-A225-000A95DA58FE@jimz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 11 f=E9vr. 2004, at 14:30, Jim Zajkowski wrote: >> Could this configuration be considered secure, according to you? > > There's no way to determine that without some consideration of the=20 > threats you are facing. Security considerations against simple=20 > attacks (e.g., kiddies) are a lot different than considerations=20 > against industrial espionage, against discovery by the secret police,=20= > and against very smart government spies. > > What are you protecting? =46rom whom? At what cost? the cost is, to me, the more relevant point because every aspects of a=20= security policy has a cost or can be seen as a cost. Security is : time that you spend to setup =3D cost time that you spend for maintenance =3D cost increased complexity on the workflow (user teaching, admin = training,=20 more delay) =3D cost less time for disaster recovery =3D negative cost protecting valuable data/info =3D negative cost When you sum all this, you should get a negative total cost, if not=20 then your security policy is probably overkill. I guess if I would want a perfect secure system I would start with a=20 bootable CD as main filesystem, with, why not, union filesystems at=20 some mount point for more flexibility. patpro --=20 je cherche un poste d'admin-sys Mac/UNIX (ou une jeune et jolie femme riche) http://patpro.net/cv.php
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2CAA7A5D-5C9A-11D8-ADF8-0030654D97EC>