[CentOS] an actual hacked machine, in a preserved state

Drew drew.kay at gmail.com
Wed Jan 4 04:20:47 UTC 2012


>> If attack A is 1,000 times more likely
>> to work than attack B, you don't think it's more important to guard
>> against attack A?
>
> It's not either/or here.  You could be the guy who gets hit by lightning.

I'm not sure I entirely agree with you there Les.

I'm not going to delve into the intricacies of Cost / Benefit analysis
(it made my head spin in my accounting school days) but basically,
protecting against threats is in part a case of weighing the costs of
setting up the protection vs the benefits of being 'immune' to such an
attack adding in a dash of probability and stirring the whole mess in
a black cauldron. What comes out is what the Bean counters consider an
acceptable cost for that protection.

Case in point, I have several web servers sitting in a rack in our
server room. I'm more likely to suffer an attack on my key
infrastructure through a compromised web server then I am through
someone breaking down the door and entering the room. If I asked for a
security system that included bio-metric access control systems, I'd
be laughed at and denied. OTOH, I have a firewall with a DMZ that is
both physically and logically isolated from the internal network and
has IDS/IPS running on all traffic passing through.

At the end of the day, there are finite resources anyone can spend
protecting their organization and sometimes, hard choices have to be
made. We have threats X, Y, and Z but only enough to protect against 2
of them. Which ones would you chose to protect?

-- 
Drew



More information about the CentOS mailing list