[kwlug-disc] OpenVPN (Was: Re: firewall question)

unsolicited unsolicited at swiz.ca
Thu Feb 19 17:35:40 EST 2009


Raul Suarez wrote, On 02/19/2009 1:04 PM:
> --- On Thu, 2/19/09, unsolicited <unsolicited at swiz.ca> wrote:
> 
>> So you have an unknown risk, and an unquantified down time
>> (bet your business) possibility. You try and protect
>> yourself.
>>
>> But how much is enough? We don't know.
> 
> Risk can never be 0. You have to exercise due diligence and manage the risk.

Of course.

But the amount of due diligence and mitigation you can do depends upon
the size of the organization.

And the smaller the organization the more you need to do, because
complexity per person decreases as size increases and the more actual
$ you can throw at a problem at any given time.

The smaller the organization the less you can do for lack of $ and the
more you depend upon 3rd parties - because as size decreases
individuals have more hats, and because their business is not
'computers', less and less knowledge about computers. To expect them
to have that knowledge is unrealistic.

Whether 1 computer, or 1 million, the issues are the same and must be
addressed. It is unrealistic and unreasonable to expect the person
with 1 computer to mitigate their risks, and have as deep an
understanding of computer technology, as the entire computer
department of the 1 million computer organization. [Granted - as you
get larger, you have more servers (SQL, E-mail, web), but you also
have more people to spread the cost across.]

Which is all why I say automagic on the fly anti-malware everywhere,
and blanket VPN bad. Because people use computers to do something, not
to have something else to take care of. Particularly against the
moving target of security - in a society that doesn't hold people
responsible and accountable. [Malware creators, ISPs that allow their
traffic / SPAM to pass, etc.]

Do you expect the same of:
- Manulife
- Your Mom and Dad
- Your wife, and kids
- yourself
- your neighbour
- Mom and Pop variety store

Now, take yourself out of the equation (i.e. an on-hand computer 
expert). Suppose you were a ditch digger. Revisit the above list.

Do you expect the same of both Manulife and everyone who might install 
Puppy?

Don't they all share a reasonable expectation of 'safety'? Don't Puppy 
installers trust the distro to be safe?

What is safe? (Is what it all really boils down to, I suppose.)

Nobody really knows.

How safe is safe enough?


