On Sun, Feb 21, 2021 at 1:38 PM Stuart Henderson <[email protected]> wrote:
> I don't honestly think it's worth going to the trouble of disabling.
> Look at the other software you run which isn't enabled in OpenBSD by
> default - that's where your attack surface is ;)

Also look at your hardware, and look at the documentation on the
software you're using.

Unless your concern is malware specifically targeted at your
environment, the consequences of being hit by malware probably aren't
going to be too far away from the consequences of running on faulty
hardware and/or not understanding your software.

(Malware specifically targeted at your environment would most likely
be motivated along the lines of discrediting you and/or your efforts.
And that's usually more easily accomplished using other methods, like
capitalizing on your most obvious mistakes.)

(If your concern is protection of trade secrets or loss of critically
important information: ink on paper does a pretty good job of holding
comprehensible information, and it has an attack surface which is
quite small, etc. But mostly, if those are concerns for you, it's
going to be about the people you're working with, and their
motivations. Also, mostly: NASA is a much better source of good
technical information, for those who want that.)

("Don't worry about people stealing an idea. If it's original, you
will have to ram it down their throats." -- Howard H. Aiken)

Anyways, the point I am trying to make here is that you're going to
notice some problems too late (so having plans for dealing with
failures is good, and having a variety of ways of isolating failures
is good).

That said: planning for the wrong disaster is usually better than not
planning for any disasters.

Good luck,

--
Raul