[kwlug-disc] OpenVPN (Was: Re: firewall question)
unsolicited at swiz.ca
Thu Feb 19 01:18:39 EST 2009
Cedric Puddy wrote, On 02/19/2009 12:25 AM:
> Sure, unless you happen to subscribe to the view that most VM
> implementations are terribly insecure... (Why is it that any attempt to
> reach for certainty while in the presence of the concepts "computing"
> and "security" suddenly turns into an Alice in Wonderland adventure?)
Thank you for that. Hilarious.
The biggest 'problem' with "computing security" is FUD.
"Somebody might hack us ... we have to protect ourselves!"
As I noted elsewhere ... the significant problem is ... how would you
know if you were? Was that data error due to a hacker, or somebody
transposed digits? (Taking out the "it won't turn on" scenarios.)
Qualifying and quantifying the risk seems to go out the window (and to
Alice and Wonderland we go). Never mind that the cost of the proposed
system would be more than the cost of a steno pool retyping in the
data by hand.
The security industry has done a good job: Oh no, there are viruses
Industry itself, in a sense, has not done itself any favours - no,
let's not let anyone know that we got hacked. (So nobody can get a
handle on the risk or likelihood of getting hacked themselves.)
Things like the credit card information scandal (Winner's parent ... I
can't think of the real names at the moment) don't help.
So you have an unknown risk, and an unquantified down time (bet your
business) possibility. You try and protect yourself.
But how much is enough? We don't know.
Is your vm _likely_ to be hacked? No. If it is hacked, are they
_likely_ to be able to do anything more than bring down the vm or the
machine? No. Even if that happens, can you live with the less than 24
hours before somebody notices and reboots the machine, and copies the
good backup copy of the vm? Probably. (But how do you know the good
backup copy isn't corrupted too?)
Do you want to be the one who let the unlikely actually happen?
"Nobody got fired for buying IBM."
What are you more at risk for:
- spilling a pop on a server keyboard?
- someone else deleting your critical document (such as the
presentation you have to do tomorrow), including those cases where the
someone is you?
- someone tripping over a computer and now it won't boot?
- getting a paper cut?
- your child trying to help you with the computer?
- getting hacked?
- physical computer theft with critical or confidential data on it?
- accidentally replying to everyone in the company?
- forgetting your keys (to the server room)?
And let's not hold the ISP's feet to the fire. DoS attack? How was it
even allowed to get through the ISP? We'll just leave SPAM alone for
More information about the kwlug-disc