-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Although Daniel's comments may be tongue-in-cheek, there is some truth. Here are a few ideas that have become more or less mantras for me, personally....
There IS NO *perfect* security. Defense in depth. The larger your network is, the less effective your perimeter becomes. The end user is always the weakest link. There may be a few more that people feel I have left out. Basically, if you're asking what I think you're asking, you have to be able to cater the level of security you're providing to the needs of your customer. Anti-virus/spyware software, firewalls, IDS/IPSs, "Security Minded" routing......all of these thing have a part in an ideally secure situation. The point is to identify the most critical assets and possible vectors of attack. Then you design a security architecture that 1) addresses those vectors, and 2) has multiple layers that should one preventative method fail, another will detect/prevent (defense in depth). There will always be someone out there who is able to figure out a hole, with enough knowledge, experience, persistence, and luck. If you have a customer that is asking for "perfect security", tell them it can't be done. If you're asking a philosophical question, well secure application development can make a security professional's life a little easier, but it's not going to solve the fundamental problem. But, just like the rest of the security tools (firewalls, etc.), more secure applications and programming techniques only play a part. HTH. - -- - - Charlie 5A27 58D2 C791 8769 D4A4 F316 7BF8 D1F6 4829 EDCF > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf > Of Daniel H. Renner > Sent: Monday, August 08, 2005 9:08 AM > To: [email protected] > Subject: Re: [Full-disclosure] perfect security architecture > (network) > > Good Lord C0br4, > > Did your new client give you a shopping list or what? > > Use the force C0br4! The force (of the right forum) will protect > you! > > -- > Dan Renner > Los Angeles Computerhelp > http://losangelescomputerhelp.com > > > On Mon, 2005-08-08 at 12:00 +0100, > [EMAIL PROTECTED] wrote: > > Date: Mon, 8 Aug 2005 11:04:34 +0530 > > From: C0BR4 <[EMAIL PROTECTED]> > > Subject: [Full-disclosure] perfect security architecture > > (network) To: [EMAIL PROTECTED] > > Message-ID: <[EMAIL PROTECTED]> > > Content-Type: text/plain; charset=ISO-8859-1 > > > > Hey guys, > > > > Have couple of questions need answers plz........... > > > > There are three attacks that jeopardize Information security. > > > > ------------------------------ > > - secure Network - > > ------------------------------ > > - secure Host - > > ------------------------------ > > - secure Application - > > ------------------------------- > > > > How can we optimize security? Stopping attacks at network > or building > > secure applications.. > > > > How should we deal with these attacks? People talk about > > Firewall, IDS/IPS etc.. > > > > What's best? > > > > If asked to give a perfect security architecture (network) > what would > > you suggest? Given > > a Firewall, Router, IDS, IPS and Anti-virus . > > > > thank you > > C0br4 > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQvgImHv40fZIKe3PEQIKUACg3rcR67ioI8s3UK2Lm8U1Tr+ytvQAoIu6 47spbOk+qXkqN09ep0nR9Dms =7fIa -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
