|
|
|
|
|
|
by dfc
4520 days ago
|
|
|
This is a little myopic but understandable in the context of a discussion on HN. Infosec is hard,
but it is just one example of a bigger truth: Defense is hard. This comes up time and time again in any defensive discipline: Over two decades the CIA had learned again and again that it could not hope to
defend against terrorists by relying solely on its ability to detect specific
attacks in advance. No matter how many warnings they picked up, no matter how
many terrorist cells they disrupted, at least some attackers were going to
get through. Officers in the CTC privately compared themselves to soccer
goalies: They wanted to be the best in their league, they wanted to record as
many shutouts as possible, but they knew they were going to give up scores to
their opponents. Ultimately, many of them believed, the only way to defeat
terrorists was to get out of the net and try to take the enemy off the field.[1]
The final sentence above highlights the one pecularity of InfoSec; you do not have any
offensive capabilities.[1]: "Ghost Wars" (Steve Coll) pg 505 |
|
|
This may just end, like nuclear warfare, in MAD... But it would be great fun to watch!
http://en.wikipedia.org/wiki/Client_honeypot
http://books.google.com.au/books?id=YQmWtsqlvfMC&dq=active+h...
http://en.wikipedia.org/wiki/Mutual_assured_destruction