Runall dvi
Download 499.36 Kb. Pdf ko'rish
|
1-m
|
660
Chapter 21 ■ Network Attack and Defense desktop computers, and by changing business methods that involve more outsourcing of functions — whether formally to subcontractors or informally to advertising-supported web apps. If some parts of your organisation can’t be controlled well (e.g. the sales force and the R&D lab) while others must be (the finance office) then separate networks are needed. The crumbling of the perimeter will be made even worse by mobility, and by the proliferation of web applications. This is complemented by a blunting of the incentive to do things at the perimeter, as useful things become harder to do. The difference between code and data is steadily eroded by new scripting languages; a determination to not allow javascript in the firm is quickly eroded by popular web sites that require it; and so on. And then there’s our old friend the Receiver Operating Characteristic or ROC curve. No filtering mechanism has complete precision, so there’s inevitably a trade-off between underblocking and overblocking. If you’re running a censorship system to stop kids accessing pornography in public libraries, do you underblock, and annoy parents and churches when some pictures get through, or do you overblock and get sued for infringing free-speech rights? Things are made worse by the fact that the firewall systems used to filter web content for sex, violence and bad language also tend to block free-speech sites (as many of these criticise the firewall vendors — and some offer technical advice on how to circumvent blocking.) Finally, security depends at least as much on incentives as on technology. A sysadmin who’s looking after a departmental network used by a hundred people he knows, and who will personally have to clear up any mess caused by an intrusion or a configuration error, is much more motivated than someone who’s merely one member of a large team looking after thousands of machines. Download 499.36 Kb. Do'stlaringiz bilan baham: 
|