Update to BCP-38?

Tue Oct 8 13:59:58 UTC 2019

Not everyone attacking your systems is going to have the skills or knowledge to get in though - simple tricks (like hiding what web server you use) can prevent casual attacks from script kiddies and others who aren't committed to targeting you, freeing your security teams to focus on the serious threats.

Mark

-----Original Message-----
From: NANOG <nanog-bounces at nanog.org> On Behalf Of Rich Kulawiec
Sent: 08 October 2019 14:51
To: nanog at nanog.org
Subject: Re: Update to BCP-38?

On Tue, Oct 08, 2019 at 01:35:16PM +0100, Mike Meredith via NANOG wrote:
> You've ignored step 1 - identifying critical information that needs
> protecting. It makes sense to protect information that needs
> protecting and don't lose sleep over information that doesn't need
> protecting. Not many of us are planning an invasion of a Nazi-infected Europe any time soon.

We are heading toward a restatement of Kerckhoff's principle/Shannon's maxim, the latter of which can be paraphrased as "design systems assuming that your adversary will know as much about them as you do".

Not that I'm advocating publishing all internal design documents, but systems whose security is predicated on the secrecy of those are brittle and likely to be badly compromised.  Better to assume that enemies know or can find out everything and design/build accordingly.

---rsk
This Email from Marie Stopes International and any attachments may contain information which is privileged or confidential. It is meant only for the individual(s) or entity named above. If you are not the intended recipient(s) of this Email or any part of it please notify the sender immediately on receipt and delete it from your system. Any opinion or other information in this email or its attachments that does not relate to the business of Marie Stopes International is personal to the sender and is not given or endorsed by Marie Stopes International.