[dnssec-deployment] dot MUSEUM implemented DNSSEC

bmanning at vacation.karoshi.com bmanning at vacation.karoshi.com
Tue Sep 23 12:58:30 EDT 2008


On Tue, Sep 23, 2008 at 08:50:53AM -0400, Dave Piscitello wrote:
> Hmmm...
> 
> I think the difference between these two statements is that "what 
> happens if I press this button?" is auditing and penetration testing, 
> i.e., it ought to be done in a contained environment.

	'cept when you are being "red-team'd" - there is nothing
	like agressive audit/penetration testing of your security 
	profile in real time to be truely confident in the security
	of your system.

	sandboxing is fine - needs to be done as part of the development
	process - but i am pretty sure that "live-fire" exercises are
	useful. Nothing like a creative, competent, agressive, and cooperative 
	attacker to help you tune your profile.


> "Where the rubber meets the road" is when you expose your system or 
> network to the possibility of attack and thus learn whether you designed 
> your tires to compensate for the most severe driving conditions :-)

	possibility is part of a planning process. to -know- if your plans
	work, you need to take those tyres out and see if the most severe
	driving conditions you could think of in the lab actually occur
	in nature.

> 
> bmanning at vacation.karoshi.com wrote:
> >On Mon, Sep 22, 2008 at 02:49:18PM -0400, Dave Piscitello wrote:
> >>Security and "what happens if I press this button?" are an odd couple...
> >>
> >
> >	actually, its where the "rubber meets the road"
> >
> >--bill
> >
> >#############################################################
> >This message is sent to you because you are subscribed to
> >  the mailing list <dnssec-deployment at shinkuro.com>.
> >To unsubscribe, E-mail to: <dnssec-deployment-off at shinkuro.com>
> >A public archive is available here: 
> ><http://mail.shinkuro.com:8100/Lists/dnssec-deployment/>
> >and older material is at
> ><http://mail.shinkuro.com:8100/Lists/dnssec-deployment-archive/>
> >





More information about the Dnssec-deployment mailing list