<quote name="Levi Pearson" date="Mon, 13 Sep 2010 at 20:27 -0600">
> On Mon, Sep 13, 2010 at 7:44 PM, Von Fugal <[email protected]> wrote:
> > <quote name="Merrill Oveson" date="Mon, 13 Sep 2010 at 11:50 -0600">
> >> yeah, they can't get in - that is if they click on it, they're
> >> prompted for user name and password.
> >>
> >> I believe the first rule of security is "Don't show the thief where
> >> the doors are."
> >
> > That is a disastrous policy. "Security by obscurity" it is often called,
> > and it's almost a derogatory term. If you want to add obscurity as one
> > final layer on top of a well thought out and implemented security
> > strategy, then go for it, but to call it the first rule is just folly.
<snip/>
> In this case, he's clearly got other security measures in place
> (described in the immediately preceding line, even!), and hiding the
> secured shares is likely to decrease the incidence of random or
> opportunistic attacks, so his actual policy is not disastrous at all.
> Calling his policy 'disastrous' is uncalled for when it's clearly not
> disastrous.

And I clearly mentioned that obscurity is a perfectly valid part of an
overall security plan. What I called disastrous was not any particular
security plan and not his. What I called disastrous was "the first rule
of security is obscurity". And I stand by it.

Ya, I called it a disastrous policy. Not the best choice of words on my
part. It's a disastrous axiom. How's that?

Von Fugal
--
Government is a disease that masquerades as its own cure
-- Robert Lefevre
/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
