Message-ID: <200505220341.j4M3fJOE001804@turing-police.cc.vt.edu>
Date: Sun May 22 04:41:31 2005
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: Can ISO15408 evaluated products be trusted?

On Sat, 21 May 2005 06:36:29 PDT, Nora Barrera said:

> What's the use of security functions if they can be circumvented?

Rule #1 of security: It's never perfect.

Rule #2 of security: It's stupid to spend more effort on security than you
need to.

Rule #3 of security: Good security features raise the attacker's cost faster
than they raise your cost. Bad security features are the opposite.

Rule #4 of security: The "right security" is that set of features which raises
the attacker's cost to equal the value of the target, while having the lowest
total sum cost to you.

Almost all bank vaults have security functions (big lockable doors, solid walls,
and so on). The fact that they are still circumventable doesn't mean they're
useless. If the bank has (for instance) an average of $150K in the vault at
a given time, they don't need perfect security - they only need enough security
so it costs an attacker at least $150K to break it. Yes - there's probably some
psycho asshole bank robber who will attack the bank *anyhow*, even if it costs
him $250K and he ends up $100K in the hole. Since it's going to cost you
a lot *more* to stop the $250K attack, your best bet at that point is to
quit improving the security any further, and just shell out the $5K/year in
insurance premiums to cover the bank's losses.. ;) (This also explains why
major branches that may have $3M in cash have lots more sophisticated vaults
than tiny branches, which tend to the wimpier vaults...)

Why is the credit card system basically insecure? Because the banks have
figured out that if they spend $X, the fraud rate will be 3%, but to push it down
to 1% would cost a LOT more $X. What maximizes their return seems to be
spending enough on security to keep the fraud rate around 2%.

Schneier's "Secrets and Lies" has a lot more good stuff to say about this...