Remove a paragraph about over building security, it's a bit off.

Discussed with: des, FreeBSD-security
svn path=/head/; revision=28617
2006-09-08 00:30:51 +00:00 · 2006-09-08 00:30:51 +00:00 · ea559dd2d7 · 2020-12-08 03:00:23 +00:00
commit ea559dd2d7
parent 386767530c
1 changed files with 0 additions and 14 deletions
--- a/en_US.ISO8859-1/books/handbook/security/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/security/chapter.sgml
@ -127,20 +127,6 @@
      today's desktops, and as computers become networked and
      internetwork, security becomes an even bigger issue.</para>

-    <para>Security is best implemented through a layered
-      <quote>onion</quote> approach.  In a nutshell, what you want to do is
-      to create as many layers of security as are convenient and then
-      carefully monitor the system for intrusions.  You do not want to
-      overbuild your security or you will interfere with the detection
-      side, and detection is one of the single most important aspects of
-      any security mechanism.  For example, it makes little sense to set
-      the <literal>schg</literal> flag (see &man.chflags.1;) on every
-      system binary because
-      while this may temporarily protect the binaries, it prevents an
-      attacker who has broken in from making an easily detectable change
-      that may result in your security mechanisms not detecting the attacker
-      at all.</para>
-
    <para>System security also pertains to dealing with various forms of
      attack, including attacks that attempt to crash, or otherwise make a
      system unusable, but do not attempt to compromise the