Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 11 Feb 2004 14:57:05 +0100
From:      Patrick Proniewski <patpro@patpro.net>
To:        Liste FreeBSD-security <freebsd-security@freebsd.org>
Subject:   Re: Question about securelevel
Message-ID:  <2CAA7A5D-5C9A-11D8-ADF8-0030654D97EC@patpro.net>
In-Reply-To: <79D6F861-5C96-11D8-A225-000A95DA58FE@jimz.net>
References:  <1171.192.168.0.77.1076505166.squirrel@mail.redix.it> <79D6F861-5C96-11D8-A225-000A95DA58FE@jimz.net>

next in thread | previous in thread | raw e-mail | index | archive | help
On 11 f=E9vr. 2004, at 14:30, Jim Zajkowski wrote:

>> Could this configuration be considered secure, according to you?
>
> There's no way to determine that without some consideration of the=20
> threats you are facing.  Security considerations against simple=20
> attacks (e.g., kiddies) are a lot different than considerations=20
> against industrial espionage, against discovery by the secret police,=20=

> and against very smart government spies.
>
> What are you protecting?  =46rom whom?  At what cost?


the cost is, to me, the more relevant point because every aspects of a=20=

security policy has a cost or can be seen as a cost.
Security is :
	time that you spend to setup =3D cost
	time that you spend for maintenance =3D cost
	increased complexity on the workflow (user teaching, admin =
training,=20
more delay) =3D cost
	less time for disaster recovery =3D negative cost
	protecting valuable data/info =3D negative cost

When you sum all this, you should get a negative total cost, if not=20
then your security policy is probably overkill.

I guess if I would want a perfect secure system I would start with a=20
bootable CD as main filesystem, with, why not, union filesystems at=20
some mount point for more flexibility.


patpro
--=20
je cherche un poste d'admin-sys Mac/UNIX
(ou une jeune et jolie femme riche)
http://patpro.net/cv.php



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2CAA7A5D-5C9A-11D8-ADF8-0030654D97EC>