I think part of the problem in security is some people are hellbent on saying there is no silver bullet to security, but then turn around and complain about everything that is not a silver bullet. If it adds to security but is not the silver bullet, it’s useless, broken, and stupid. It’s an odd little paradox some security folks have…

I would rather assume no security is absolute and instead put as many barriers between my crown jewels and the attackers. They need to earn it, and in the process I’m thwarting all the lesser attackers.

I think part of the problem in security is some people are hellbent on saying there is no silver bullet to security, but then turn around and complain about everything that is not a silver bullet. If it adds to security but is not the silver bullet, it’s useless, broken, and stupid. It’s an odd little paradox some security folks have…

I would rather assume no security is absolute and instead put as many barriers between my crown jewels and the attackers. They need to earn it, and in the process I’m thwarting all the lesser attackers.

I remember reading an article on some hacker’s challenge and a team wore all blue shirts and marched in with a lot of pomp. They were the first team crushed by the red team. Why? Because they stood out. Now the other teams were all slowly taken down, but my point is the one that drew the most attention was hit first.

The argument should be whether or not you choose to use security through obscurity, like you posted the other day. Just my two cents, a little extra security doesn’t hurt.

I remember reading an article on some hacker’s challenge and a team wore all blue shirts and marched in with a lot of pomp. They were the first team crushed by the red team. Why? Because they stood out. Now the other teams were all slowly taken down, but my point is the one that drew the most attention was hit first.

The argument should be whether or not you choose to use security through obscurity, like you posted the other day. Just my two cents, a little extra security doesn’t hurt.

You’re an absolute saint for rolling around in piles of logic with people all the time. Sadly it never seems to stick to some people. They simply ‘d|w’on’t get it =(

You’re absolutely correct about the merit of portknocking. We argued weather it was authentication or authorization when the paper was first published, but not weather or not it was part of security. Being two, hard headed, “security by philosophy” type people, that should’ve been your first clue you were right about it bing valuable. For sure one of us would have been arguing that it’s just a bad idea.

This guys argument to you is that camouflage is ineffective. That all someone has to do is watch for you to put on your gille suit then follow where you move to. If someone is able to watch you do your knock sequence, you have more serious issues at hand.

Cheers, -Dave

You’re an absolute saint for rolling around in piles of logic with people all the time. Sadly it never seems to stick to some people. They simply ‘d|w’on’t get it =(

You’re absolutely correct about the merit of portknocking. We argued weather it was authentication or authorization when the paper was first published, but not weather or not it was part of security. Being two, hard headed, “security by philosophy” type people, that should’ve been your first clue you were right about it bing valuable. For sure one of us would have been arguing that it’s just a bad idea.

This guys argument to you is that camouflage is ineffective. That all someone has to do is watch for you to put on your gille suit then follow where you move to. If someone is able to watch you do your knock sequence, you have more serious issues at hand.

Cheers, -Dave