From: Harvey Newstrom (mail@HarveyNewstrom.com)
Date: Sun Aug 18 2002 - 13:23:32 MDT
On Sunday, August 18, 2002, at 05:44 am, Anders Sandberg wrote:
> OK, I perhaps should explain a bit more clearly why I would trust
> layered but imperfect defenses (although Bruce Schneier does a better
> job at that).
You are absolutely correct, Anders. (As usual. Why would anybody be
surprised?) This concept that layered security of lesser strengths is
better than a single stronger layer of security has become a standard
tenet of security design. It is taught in engineering courses and
required knowledge for all security certifications I know. This is
covered in the first day of the SANS (system and network security)
course. This is taught to every CISSP.
Any freshman engineer trying to calculate mean-time-to-failure must know
how to calculate and prove this. IBM network designs call for two or
more smaller firewalls in layers rather than a super-strong firewall
controlling everything. Even manufacturers of toilet paper, paper
towels, and garbage bags have learned that multiple cheaper plies turn
out much stronger than a single tougher ply. This simply works better
because of the diversity. Each layer will resist different unknown
attacks in the future. No single attack is likely to get through all
layers.
-- Harvey Newstrom, CISSP <www.HarveyNewstrom.com> Principal Security Consultant <www.Newstaff.com>
This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 09:16:13 MST