Re: Internal vs external threats, any references?

Thu, 7 Oct 1999 05:25:48 -0700 



Rick said,

> One has to be careful with one's universal quantifiers.
>
> "There's no attack you can defend against." - false
> "There are defenses against some attacks." - true
> "There are defenses against all attacks." - false
>
> My own experience makes me skeptical to the point of incredulity when
> someone claims to be invulnerable to viruses and trojans. One can defend
> against limited cases at best, and defenses get stretched to the breaking
> point as time and technology move on.

Agreed, but, I think we can still do something to better protect our systems in
this networked world. Specifically, we should take advantage of the fact that
most systems and services can be provided by a collection of several servers.
Then, we can use distributed or proactive security to improve the security of
the entire system, in spite of break-in to some of the servers (or, with
proactive security, even to all servers - but not at the same time).

Best Regards,
Amir Herzberg
Manager, E-Business and Security Technologies
IBM Research Lab in Haifa (Tel Aviv Office)
http://www.hrl.il.ibm.com
New e-mail: [EMAIL PROTECTED]
New Lotus notes mail: amir herzberg/haifa/ibm@IBMIL


Rick Smith <[EMAIL PROTECTED]> on 05/10/99 23:48:24

Please respond to Rick Smith <[EMAIL PROTECTED]>

To:   Ben Laurie <[EMAIL PROTECTED]>
cc:   [EMAIL PROTECTED] (bcc: Amir Herzberg/Haifa/IBM)
Subject:  Re: Internal vs external threats, any references?




I said:

>> If it's programmable it's vulnerable.

Ben Laurie replied:

>Oh, right. There's no attack you can defend against, right?

One has to be careful with one's universal quantifiers.

"There's no attack you can defend against." - false
"There are defenses against some attacks." - true
"There are defenses against all attacks." - false

My own experience makes me skeptical to the point of incredulity when
someone claims to be invulnerable to viruses and trojans. One can defend
against limited cases at best, and defenses get stretched to the breaking
point as time and technology move on.


Rick.
[EMAIL PROTECTED]
"Internet Cryptography" at http://www.visi.com/crypto/

Reply via email to