[conspire] Servers and security

Carl Myers cmyers at cmyers.org
Thu Mar 29 09:21:44 PDT 2018


It depends so much on your threat model and what you are trying to accomplish...
this is my biggest pet peeve about security.  People do things because some
website or resource says "this is secure" but they have no clue why.  If you
want to secure something, the first thing you have to do is figure out what you
are securing it AGAINST.  Guess what?  You can have 100% foolproof unhackable
security for your server, just disconnect it from the internet, turn it off,
bury it in a deep grave in a field somewhere where nobody will ever find it.
But that isn't very helpful is it?

A threat model outlines what threats you care about, and what threats you don't.
For example, let's say I deem it possible someone has a way to use a bug in
apache tomcat (the application server my service uses in this example) to
execute remote code, how would I deal with that?  Well, I could have the
application server run as an unprivileged user and harden things further with
SELinux and other techniques to try to minimize the damage such a user can do.
What if someone is capable of breaking encryption (P = NP)?  I consider that
highly unlikely, and if someone could do that the security of my application is
my last concern (oh no, my bitcoin!)

So the first step to security, IMO, is to decide what class of attackers you
care about, what they are capable of, and then how to best mitigate those
attacks.

Hope that helps,
-Carl

-- 
Carl Myers 
PGP Key ID 3537595B
PGP Key fingerprint 9365 0FAF 721B 992A 0A20  1E0D C795 2955 3537 595B
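As an added example (not code from the original post), a small check for the mitigation Carl describes, running the application server as an unprivileged user: it parses the Linux /proc/<pid>/status format and flags root UIDs, risky effective capabilities and a missing NoNewPrivs flag. The sample status texts are constructed, and the capability bit numbers are the ones from <linux/capability.h>.

```python
"""Audit whether a service process really runs unprivileged.

Parses the Linux /proc/<pid>/status text; the SAMPLE_* strings below are
constructed to mimic that format (a root-owned and a locked-down java process).
"""
import sys

# Capability bit numbers from <linux/capability.h>. Any of these in the
# effective set undermines "unprivileged" even when the UID is non-zero.
RISKY_CAPS = {
    1: "CAP_DAC_OVERRIDE", 6: "CAP_SETGID", 7: "CAP_SETUID",
    16: "CAP_SYS_MODULE", 17: "CAP_SYS_RAWIO", 19: "CAP_SYS_PTRACE",
    21: "CAP_SYS_ADMIN",
}


def parse_status(text):
    """Turn /proc/<pid>/status lines ('Key:<tab>value') into a dict."""
    fields = {}
    for line in text.splitlines():
        if ":" in line:
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
    return fields


def audit_status(text):
    """Return a list of findings that contradict 'runs as an unprivileged user'."""
    f = parse_status(text)
    findings = []
    uids = [int(x) for x in f.get("Uid", "").split()]  # real, effective, saved, fs
    if not uids:
        findings.append("no Uid line")
    elif 0 in uids:
        findings.append("runs with a root uid (real/effective/saved/fs: %s)" % uids)
    cap_eff = int(f.get("CapEff", "0"), 16)  # hex bitmask of effective capabilities
    for bit, name in sorted(RISKY_CAPS.items()):
        if cap_eff & (1 << bit):
            findings.append("effective capability %s" % name)
    if f.get("NoNewPrivs", "0") != "1":
        findings.append("NoNewPrivs not set (setuid binaries could regain privilege)")
    return findings


SAMPLE_ROOT = "Name:\tjava\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\nNoNewPrivs:\t0\n"
SAMPLE_OK = "Name:\tjava\nUid:\t1001\t1001\t1001\t1001\nGid:\t1001\t1001\t1001\t1001\nCapEff:\t0000000000000000\nNoNewPrivs:\t1\n"


def audit_pid(pid):
    """Audit a live process on Linux (e.g. the PID of the Tomcat JVM)."""
    with open("/proc/%d/status" % pid) as fh:
        return audit_status(fh.read())


if __name__ == "__main__":
    text = open("/proc/%s/status" % sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_ROOT
    print("\n".join(audit_status(text)) or "no findings")
```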
