From owner-freebsd-security Sun Apr 8 2:45:57 2001 Delivered-To: freebsd-security@freebsd.org Received: from mailgate.kechara.net (mailgate.kechara.net [62.49.139.2]) by hub.freebsd.org (Postfix) with ESMTP id D13A537B424 for ; Sun, 8 Apr 2001 02:45:52 -0700 (PDT) (envelope-from lee@kechara.net) Received: from area57 (lan-fw.kechara.net [62.49.139.3]) by mailgate.kechara.net (8.9.3/8.9.3) with SMTP id LAA20775; Sun, 8 Apr 2001 11:58:55 +0100 Message-Id: <200104081058.LAA20775@mailgate.kechara.net> Date: Sun, 08 Apr 2001 10:48:38 +0100 To: "Jacques A. Vidrine" , John Howie Cc: Crist Clark , freebsd-security@FreeBSD.ORG From: Lee Smallbone Subject: Re: Theory Question Reply-To: lee@kechara.net Organization: Kechara Internet X-Mailer: Opera 5.02 build 856a X-Priority: 3 (Normal) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Thanks to everyone who has replied thus far. It has been very enlightening! 07/04/2001 14:00:40, "Jacques A. Vidrine" wrote: >If the `key' to your security is obscurity of your internal network >configuration, expect to be comprimised. This information is not hard >to obtain by a determined attacker, and technology is probably not >even an issue. Of course, there is an element of StO that is beneficial. There are (on last estimation), 1-4,000 blackhats and 200,000 script kiddies. The chances are that if you do not posses anything vaguely interesting (such as credit cards transactions, medical records or whatever) blackhat attention will be somewhat lower (but non-zero). It is *far* more likely script kiddies will be the thorn in your foot, thus StO will probably ward of 40-60% of kiddies, as they cannot easily obtain what they need. "Just enter a different subnet and try again..." Proactive security will nab a further 30%, leaving just 10% to be of concern. Just my two cents anyway. -- Lee Smallbone Kechara Internet lee@kechara.net www.kechara.net Tel: (01243) 869 969 Fax: (01243) 866 685 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message