Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Article: "Security Absurdity: The Complete, Unquestionable, And Tota

from [Stephen John Smoogen] Network Security [Permanent Link]
Subject: Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security."
Date: Wed, 17 May 2006 17:07:18 -0600
On 5/16/06, Jason Muskat <Jason@techdude.ca> wrote: 
Hello,

Security has to be correct 100% of the time. One omission can lead to an
exposure. Count yourself lucky that your vulnerabilities haven't been
exposed (that you know of -- Think Ohio State's exposure
<http://www.ohio.edu/datatheft/alumni/index.cfm>). Many organizations cover
up (do not report to governmental authorizes) every exposure that occurs.
This is the norm.


The only 100% correct all the time system is the one that has been
turned off and buried in a Nickel lined concrete bunker 100 feet from
anything. You are going to be lucky if you see 95% of the time over
say a year that you are not going to see some sort of breach somewhere
on any large system. That doesnt mean you do not try to protect to
your best ability, but you also need to make sure that you are
prepared for what happens when the breach occurs. And that means
beyond "Cover our butt and point our fingers at xyz user, contractor,
etc as the source of the problem"


--
Stephen J Smoogen.
CSIRT/Linux System Administrator

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Tons of Source port 80 to random Dest Port Traffic, Tom Hayden
Next by Date:  Re: Re: Article: "Security Absurdity: The Complete, Unquestionable, And TotalFailure of Information Security.", generaldisarray04
Previous by Thread:  Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security.", Jason Muskat
Next by Thread:  Re: Article: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security.", Jason Muskat
Indexes:  [Date] [Thread] [Top] [All Lists]