This is a collection of random infrastructure notes based on the work I'm doing at any given time. Most of the technical notes here assume an infrastructure similar to the one I'm working on (which I will not describe in detail, and which is subject to change). I can't be responsible if you do something that's documented here and bad things happen.

Sunday, April 20, 2008

Good Article: The Six Dumbest Ideas in Computer Security

Found an interesting article on security today. Here's the blurb:

What are they? They're the anti-good ideas. They're the braindamage that makes your $100,000 ASIC-based turbo-stateful packet-mulching firewall transparent to hackers. Where do anti-good ideas come from? They come from misguided attempts to do the impossible - which is another way of saying "trying to ignore reality." 

There's some good advice in there. Most of all I appreciate the author's rejection of the romanticization of "hacking". It has bugged the crap out of me for years that people see black-hat hacking activities as a path to a career as a security consultant, and there are enterprises out there explicitly enabling this!  It does get a bit dogmatic at times.  Yes, okay, we'd never fly on commercial airliners if the airlines took the same attitude towards airplane maintenance as most take towards network security, but then again no one dies if my network gets penetrated, so let's not get too overheated.

read more | digg story

No comments: