” I’ve seen a lot of discussion recently of various computer
security techniques. It seems everyone has their own favorite
solution, which they feel is the correct one, and all other
solutions are of course flawed and inferior. But the truth is even
simpler: all security techniques are flawed.”
“No matter how well something is planned and implemented, there
will still be some exploitable problem. Does this mean that a
flawed security technique should not be used at all? Consider this:
locks on doors (Yale locks, even a good dead bolt) can easily be
defeated by a determined attacker. They will simply take a crowbar,
and using brute force, rip the door off its hinges and force their
way in. The same applies to cars. I don’t care how
sophisticated your car door’s lock is — I can just smash the
window in with a brick….“
“When it comes to network and system security, there are a
number of techniques in popular use to secure against intrusion.
The first and simplest is to remove all unneeded services, and
restrict access to any remaining services where possible. This is
similar to building a high-security facility with no windows on the
ground floor, and only one main entrance. This, of course, does
nothing to directly increase security at the remaining access
points; however, you can concentrate your finite resources on less
likely problems, resulting in better coverage.”