On Mon, Jan 10, 2011 at 02:52:56PM -0500, Lamar Owen wrote: > On Friday, January 07, 2011 09:25:59 am David Sparro wrote: > > I find that the security "Layers" advocates tend not to look at the > > differing value of each of those layers. > > Different layers very much have different values, and, yes, this is often > glossed over. > > > Going back to the physical door analogy, it's like saying that a bank > > vault protected by a bank vault door is less secure than a vault with > > the bank vault door AND a screen door. > > More analogous would be the safe with glass relockers and a vial of > tear gas behind the ideal drill point. Yes, those do exist, and, > should you want to see a photo of such a vial, I can either provide > one (have to take the photo with the safe door open next time I'm on > that site, which may be a while with all this snow and ice on the > ground) or you can find pics through google. > > Even physical locks have layered security principles. Think Medeco > locks with chisel-pointed pins and the associated sidebar in the > center, or ASSA's Twin double-stack pin technology, or the use of > spool pins in locks, or Schlage's Primus system (also sidebar driven) > or anti-drill armor in front of the pin stack (to prevent drilling the > shear line), etc. The use of layers in the physical security realm > is a proven concept, and the synergy of the layers has been shown > effective over time. Not totally secure, of course, but as the number > of layers increases the security becomes better and better.
My father used to tell me that "Locks keep the honest people out." He was right; the clever non-honest are the ones we have to deal with at that level. Computers are so great a force multiplier that we are having to do the same sorts of things to defend against assaults from them. -- Mike Andrews, W5EGO mi...@mikea.ath.cx Tired old sysadmin
