Message-ID: <6378AF0419997E4AB0375E3C92E6CE9304C14E@tehilamail.tehila.gov.il>
From: yehudi at tehila.gov.il (Yaakov Yehudi)
Subject: Security & Obscurity: physical-world analogies

 
On Thu, 2004-09-02 at 11:24, Peter Swire wrote:
> 	I think there is a strong analytic similarity between a firewall and
> physical settings where guards are deciding whether to let
> people/trucks/etc. through a gate.
> [...]
> 	In both cases, there is "filtering" by the defenders.  Some entrants
> are excluded.  Some get more intensive screening.  The level of
> filtering varies with the perceived level of the threat.

Frank Knobbe replied...

I was trying to stay out of this discussion, but I do have to throw in
some comments. I do not believe that we can make accurate and meaningful
analogies between the physical realm and the information technology
realm or cyber space or whatever you want to call it.

The analogies we make "appear" to serve our purpose for making it
easier to understand the difficult issues surrounding IT based
scenarios, but in fact are presented solely for one situation. Any
modification of the situation, and reaction scenarios, break down
quickly because they can not be performed in both worlds with the same
results and same action-reaction behavior.

Case in point: You say firewalls are like entrances. People (in lieu of
packets) are inspected and gain entrance or not. For a single
person/packet, this works. While in the physical the person can not
circumvent the entrance, in the information world this is quite easily
achieved. In cyber space, the person-packet would just clone or copy
itself a million times, overwhelming the inspectors and slip past the
checkpoint.

Umm.. Unless we fail closed.

YY

