Question about securelevel
Patrick Proniewski
patpro at patpro.net
Wed Feb 11 05:57:08 PST 2004
On 11 févr. 2004, at 14:30, Jim Zajkowski wrote:
>> Could this configuration be considered secure, according to you?
>
> There's no way to determine that without some consideration of the
> threats you are facing. Security considerations against simple
> attacks (e.g., kiddies) are a lot different than considerations
> against industrial espionage, against discovery by the secret police,
> and against very smart government spies.
>
> What are you protecting? From whom? At what cost?
the cost is, to me, the more relevant point because every aspects of a
security policy has a cost or can be seen as a cost.
Security is :
time that you spend to setup = cost
time that you spend for maintenance = cost
increased complexity on the workflow (user teaching, admin training,
more delay) = cost
less time for disaster recovery = negative cost
protecting valuable data/info = negative cost
When you sum all this, you should get a negative total cost, if not
then your security policy is probably overkill.
I guess if I would want a perfect secure system I would start with a
bootable CD as main filesystem, with, why not, union filesystems at
some mount point for more flexibility.
patpro
--
je cherche un poste d'admin-sys Mac/UNIX
(ou une jeune et jolie femme riche)
http://patpro.net/cv.php
More information about the freebsd-security
mailing list