Becoming a "Linux Security Artist"
Apr 08, 2010, 18:32 (0 Talkback[s])
(Other stories by Jon "maddog" Hall)
WEBINAR: On-demand Event
Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >
"“When the cost of obtaining the information exceeds the
value realized by its possession, the solution is an effective
one.” - A Practical Guide to Red Hat Linux by Mark G. Sobell,
Third Edition (Prentice Hall), page 989.
"After forty years in the commercial computing business, the one
idea that has been drilled into me by security professionals is the
fact that there is no such thing as a secure computer system, only
levels of insecurity.
"Therefore the cost of keeping the information and system secure
has to be balanced with the cost of losing that information or
system, or having it damaged. Unfortunately the speed and
availability of the Internet combined with the low cost of very
powerful computers and network services have made the cost of
“cracking” go down and the cost of
“securing” go up.
"The most important thing in a secure system is to have a good
security policy. Without that, you are lost and will wander
ineffectively. Therefore you have to give thought as to who will be
able to do what, whether those limitations are discretionary or
mandatory and how you will implement and enforce those