[AusNOG] RISK - IT Industry - Concern Over Equipment, Being, Installed in Data Centre Facilities - Further Replies
Chad Kelly
chad at cpkws.com.au
Wed Sep 28 16:20:17 EST 2016
Yes, I get where you are coming from, Mark.
I think having a multi-layered approach is the way to go.
But I think, just not talking about security and related issues is just
silly.
As technology evolves all the time and both clients and vendors need to
be aware.
But I think some people in this thread are being overly paranoid and
overthinking some things.
On 9/28/2016 2:20 PM, Mark Smith wrote:
> On 28 September 2016 at 13:35, Chad Kelly <chad at cpkws.com.au> wrote:
>> On 9/28/2016 12:00 PM, ausnog-request at lists.ausnog.net wrote:
>>> Or should we perhaps talk about how easy it is to commit fraud?
>>>
>>> Yes... let's give blueprints to people who are motivated by malice so that
>>> they can go off and do what we're suggesting puts us at risk.
>>
>> Security through obscurity just doesn't work.
>>
> Actually it commonly does, this often repeated cliche is a distortion
> of Kerckhoffs's principle, which was specific to cryptographic
> algorithms -
>
> https://en.wikipedia.org/wiki/Kerckhoffs%27s_principle
>
> "In cryptography, Kerckhoffs's principle (also called Kerckhoffs's
> desideratum, Kerckhoffs's assumption, axiom, or law) was stated by
> Dutch cryptographer Auguste Kerckhoffs in the 19th century: A
> cryptosystem should be secure even if everything about the system,
> except the key, is public knowledge."
>
> Nature has been relying on obscurity for millennia - any animal that
> uses camouflage to hide itself is deploying obscurity, and many
> animals do. Human militaries have also successfully deployed obscurity
> via camouflage. Anybody using a firewall to block inbound ICMP pings
> is deploying obscurity.
>
> When applied more generally, the real point is that obscurity is not
> sufficient to be relied upon alone. If the secret is discovered or
> disclosed, you need some other defensive measure. For example, zebras
> can also run very fast and kick, and camouflage tanks have big guns
> and are able to escape fairly promptly over very rough terrain because
> of their tracks rather than having wheels.
>
> Obscurity works well when it works, but fails absolutely when it fails.
>
>> Kids are taught how to use computers and the internet at a very young age
>> nowadays.
>>
>> We have lawyers and signed agreements for a reason, when discussing
>> commercially sensitive data, that is why NDAs exist.
>>
> An NDA is actually "Security through obscurity". The secondary defence
> is the consequence of being sued for breaching the NDA.
>
>> As for discussing how to commit fraud and other such things, don't be
>> stupid.
>>
>> By all means discuss ways of preventing it though, plenty of discussions on
>> both preventing fraud and other security methods have taken place on the
>> various web hosting forums over the years.
>>
>> These were all public discussions.
>>
>> At the end of the day it all comes down to money and the team and or
>> partners that you have involved with the business.
>>
>>
>>
>> --
>> Chad Kelly
>> Manager
>> CPK Web Services
>> web www.cpkws.com.au
>> phone 03 9013 4853
>>
--
Chad Kelly
Manager
CPK Web Services
web www.cpkws.com.au
phone 03 9013 4853