[conspire] Servers and security
Carl Myers
cmyers at cmyers.org
Thu Mar 29 14:09:06 PDT 2018
> So the first step to security, IMO, is to decide what class of attackers you
>
> ^^^^^^^^^^. The way I was taught is that the first step is
> to estimate the value of what it is you are trying to protect. That way,
> you invest in security in proportion to the value of what is at risk. So,
> one might invest less in security to protect a LAN file server containing
> recent newspaper photos than one would use to protect a bank wire transfer
> server.
> I realize the thread was started as a learning vehicle, so it might be
> useful to consider security as a spectrum of possibilities ranging from
> basic prudent practice up to extreme hardening (with probably a decrease
> in ease of use and access).
This is *also* a very good step, and in a way we are saying something very
similar. If your data is "random public tweets I scraped off of Twitter", why
would anybody even care to steal it? On the other hand, if your data is "logins
and passwords for thousands of users' banking websites", your class of potential
attackers is large indeed, and thus you must assume their capabilities are
equivalently impressive. The threat models that acknowledge the most unlikely
and impressive technical feats are reserved for the most advanced attackers
(often called Advanced Persistent Threats, or APTs), which generally means entire
nation-states with nearly limitless resources (Russia, China, the NSA, etc.).
Does the NSA or KGB want to see your data? Then you had better defend it
against a would-be attacker capable of launching brute-force attacks which
require millions of dollars of hardware to execute.
-Carl
--
Carl Myers
PGP Key ID 3537595B
PGP Key fingerprint 9365 0FAF 721B 992A 0A20 1E0D C795 2955 3537 595B