Remove a paragraph about overbuilding security; it's a bit off.
Discussed with: des, FreeBSD-security
parent
386767530c
commit
ea559dd2d7
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=28617
1 changed files with 0 additions and 14 deletions
|
@ -127,20 +127,6 @@
|
||||||
today's desktops, and as computers become networked and
|
today's desktops, and as computers become networked and
|
||||||
internetwork, security becomes an even bigger issue.</para>
|
internetwork, security becomes an even bigger issue.</para>
|
||||||
|
|
||||||
<para>Security is best implemented through a layered
|
|
||||||
<quote>onion</quote> approach. In a nutshell, what you want to do is
|
|
||||||
to create as many layers of security as are convenient and then
|
|
||||||
carefully monitor the system for intrusions. You do not want to
|
|
||||||
overbuild your security or you will interfere with the detection
|
|
||||||
side, and detection is one of the single most important aspects of
|
|
||||||
any security mechanism. For example, it makes little sense to set
|
|
||||||
the <literal>schg</literal> flag (see &man.chflags.1;) on every
|
|
||||||
system binary because
|
|
||||||
while this may temporarily protect the binaries, it prevents an
|
|
||||||
attacker who has broken in from making an easily detectable change
|
|
||||||
that may result in your security mechanisms not detecting the attacker
|
|
||||||
at all.</para>
|
|
||||||
|
|
||||||
<para>System security also pertains to dealing with various forms of
|
<para>System security also pertains to dealing with various forms of
|
||||||
attack, including attacks that attempt to crash, or otherwise make a
|
attack, including attacks that attempt to crash, or otherwise make a
|
||||||
system unusable, but do not attempt to compromise the
|
system unusable, but do not attempt to compromise the
|
||||||
|
|
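Review bot: The removed <para> in the middle of this hunk takes out more than the overbuilding argument named in the commit message: its opening advice to use a layered <quote>onion</quote> approach and to carefully monitor the system for intrusions is deleted along with the schg example. If the objection is only to the "You do not want to overbuild your security" claim and the chflags illustration that follows it, consider keeping the first two sentences as a shorter <para> so the introduction still tells the reader that layering and detection matter. The commit message would also be more useful to later readers if it stated what is wrong with the paragraph instead of "it's a bit off".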