Fiber cut in SF area

Joe Greco jgreco at ns.sol.net
Sun Apr 12 12:12:12 UTC 2009


> 
> Joe Greco wrote:
> 
> > My point was more the inverse, which is that a determined, equipped,
> > and knowledgeable attacker is a very difficult thing to defend against.
> 
> "The Untold Story of the World's Biggest Diamond Heist" published 
> recently in Wired was a good read on that subject:
> 
> http://www.wired.com/politics/law/magazine/17-04/ff_diamonds

Thanks, *excellent* example.

> > Which brings me to a new point:  if we accept that "security by obscurity
> > is not security," then, what (practical thing) IS security?
> 
> Obscurity as a principle works just fine provided the given token is 
> obscure enough. 

Of course, but I said "if we accept that".  It was a challenge for the
previous poster.  ;-)

> Ideally there are layers of "security by obscurity" so 
> compromise of any one token isn't enough by itself: my strong ssh 
> password (1 layer of obscurity) is protected by the ssh server key (2nd 
> layer) that is only accessible via vpn which has its own encryption key 
> (3rd layer). The loss of my password alone doesn't get anyone anything. 
> The compromise of either the VPN or server ssh key (without already 
> having direct access to those systems) doesn't get them my password either.
> 
> I think the problem is that the notion of "security by obscurity isn't 
> security" was originally meant to convey to software vendors "don't rely 
> on closed source to hide your bugs" and has since been mistakenly 
> applied beyond that narrow context. In most of our applications, some 
> form of obscurity is all we really have.

That's really it, and bringing us back to the fiber discussion, we are
forced, generally, to rely on obscurity.  In general, talk to a hundred
people on the street, few of them are likely to be able to tell you how
fiber gets from one city to another, or that a single fiber may be 
carrying immense amounts of traffic.  Most people expect that it just
all works somehow.  The fact that it's buried means that it is
sufficiently inaccessible to most people.  It will still be vulnerable
to certain risks, including backhoes, anything else that disrupts the
ground (freight derailments, earthquakes, etc), but those are all more
or less natural hazards that you protect against with redundancy.  The
guy who has technical specifics about your fiber network, and who picks
your vulnerable points and hits you with a hacksaw, that's just always
going to be much more complex to defend against.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.