
RE: Windows 2000 and Cisco router interoperability



On Mon, 22 May 2000, Glen Zorn wrote:
> Such assurances are unnecessary.  In the final analysis, if security is
> important to customers, they will buy secure products and configure them
> correctly.  If security isn't important to customers, no number of
> 'standards-specified approaches' will have any effect.

Real life is not so Boolean in nature. 

Granted, if security isn't important to the customer, their security is
likely to be weak.  But careful design by specifiers and suppliers can
have a big effect on *how* weak it is, both by avoiding gratuitous holes
and by influencing customer behavior in the right direction.  Such
measures can considerably improve the odds that a cracker will pick on
somebody else.  (Flu vaccination will not guarantee that you don't get the
flu, but it considerably improves the odds of getting only a mild case.)

On the flip side, as witness various recent DoS attacks, poor security on
one site can be harmful to others as well.  So just because a customer
cares about security and has done things right at his site, that doesn't
mean his security can't be improved further by good hygiene elsewhere. 
(The reason you are unlikely to catch smallpox today has little to do with
your being vaccinated 20-30 years ago -- it's unlikely that you have any
major lingering immunity after so long -- and a lot to do with everybody
*else* having been vaccinated then too.)

                                                          Henry Spencer
                                                       henry@spsystems.net



