|
|
|
|
|
|
by ziddoap
743 days ago
|
|
|
>I'm still confident that investing in securing unauthorized user access is still orders of magnitude more useful than putting time and effort into this vector. These are addressing two different scenarios, so they should be mitigated separately. In one case, you are mitigating against unauthorized access. In the other, you are mitigating the damage that can be done when someone has already gained unauthorized access (however that occurred). After all, the only system immune to unauthorized access is the one that doesn't get powered. "Defense in-depth" is thrown around a lot, but it really is important. I do agree though, when it comes to priority of implementation, I would start with protecting against unauthorized access first. |
|
|