And keeping eyes out that shouldn’t be there in the first place makes the attack vector harder to find in the first place. But preventing attacks in the first place adds a layer of security on top of the application and server hardening. The problems start when you think any single point of security is going provide all the security you need, or when you forget that every layer in a security system has its place and its purpose.Īpplications should be hardened, yes. So long as they’re used for what they’re useful for, there’s no problem with using them. You probably don’t want to know what waits for you at the top of the stairs if you get that far, either.Īll of these things are tools in a complete system. My house has an intrusion detection system, and a video recording system, too.
My house has door locks because door locks at least slow down the thieves in our midst, provide me with some notification that someone is trying to enter where they shouldn’t, and they keep people who really aren’t all that determined out. My house has curtains because not letting people know when I’m home (or not) is one of the simplest things I can do to provide cover.
Firewalls aren’t the end-all, be-all of security, either, but they are yet another element in a suite of tools designed to secure a system.
#OBSCURITY RATING SPOTIFY FREE#
If you don’t think it is, then please, feel free to wander onto any battlefield in an international orange jumpsuit. Let me be blunt for a moment (or have I been blunt enough already?): obscurity isn’t security by itself, but it’s a perfectly valid tool in a suite of tools designed to provide a secure system. “So long as applications are properly built, and you have a solid IDS system, firewalls are just making your life complicated.” The complexity we’re talking about here is the complexity of layer 2 domains stretched out of any sort of natural shape, not sane network designs. “The age of the firewall is over,” we’re told. I’m reminded of one of the sayings drilled permanently into my head through Biblical Hermeneutics: “When you take the text out of its context, you’re left with a con.” Obscuring your cipher certainly isn’t a good way to keep people from breaking your cipher, but networks aren’t cryptography problems, they’re networks.
Don’t bother with route filters and network address translators, because they only obscure your devices, rather than secure them. Or so you would believe if you listened to the security folks in the network world. They’re simply old fashioned, passe, just not needed at all. So long as you have a really good alarm system, combined with cameras that record everything, door locks are really not needed. “The end of the door lock age,” I’m told. You won’t miss them after a while.” More recently, I’ve been told door locks really aren’t needed, either. Quit fooling yourself and simply take those curtains down, so everyone can see everything. “So long as your door locks are strong, and the house well designed,” it was said, “hiding your valuables really doesn’t make them more secure. It was only a year or two ago that I was informed I no longer need curtains in my house.
0 kommentar(er)
