Re: Remote Desktop Command Fixation Attacks
pdp (architect) wrote:
> Thor, with no disrespect but you are wrong. Security in depth does not
> work and I am not planning to support my argument in any way. This is
> just my personal humble opinion. I've seen only failure of the
> principles you mentioned. Security in depth works only in a perfect
> world. The truth is that you cannot implement true security mainly
> because you will hit on the accessibility side. It is all about
> achieving the balance between security and accessibility. Moreover,
> you cannot implement security in depth mainly because you cannot
> predict the future. Therefore, you don't know what kinds of attack
> will surface next.
>
> Security is not a destination, it is a process. Security in depth
> sounds like a destination to me.
Security in depth is neither a destination nor a process. It is a state
of mind. Each part should take care of itself. And it should be as
secure as possible in each step.
Hugo.
--
hvdkooij@xxxxxxxxxxxxxxx http://hugo.vanderkooij.org/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.