On Sun, Aug 11, 2013 at 10:39:55AM -0400, Sean Alexandre wrote:
> your more typical sys admin could find and use. They might not have everything, but enough to make their services 99.99% secure. Those that provide the info would probably still have some things to their own and be 99.9999% secure.

Security doesn't work that way. Keeping your system secure is like walking a tightrope across a gorge filled with ravenous tigers every morning. There are a billion ways to fuck up and get owned/eaten by the tigers, and asking someone who's successfully walked the tightrope every day for 40 years "tell me your secret?" completely misses the point. The expert can share advice and point out when you're about to step off the tightrope, but no kind of advice can substitute for your own caution and experience. Pretending that a magic balance bar, or a magic technique that can be applied without careful thought, or a magic shoe that will make you stick to the rope, will save you is the kind of thing that works in a fairy tale but not in real life.

The analogy breaks down, though, because in fact you can get totally owned, through and through; exfiltrated, impersonated, and strung up by a prosecutor before a secret grand jury before you even learn that your security has failed. At least the tiger has the courtesy of giving you pain when you fail.

-andy