Good example of one of those counter intuitive security things

By Rory2 on February 22, 2006 6:48 PM

Insights into Information Security: IPSEC everywhere? Bad idea

Excellent post pointing out why encryption can be a bad thing. It sounds counter-intuitive at first, in that security people will spend a lot of time telling you to use things like SSH instead of telnet and SFTP instead of FTP because the they use encryption...

but too much encryption can be a bad thing. It can blind devices like Intrusion detection systems and actually help an attacker, if that attacker has already broken into an endpoint system, and in the majority of attack scenarios that will be the case...

so the net effect of encrypting everything is actually a decrease in security...

Categories:

Categories

Monthly Archives

About this Entry

This page contains a single entry by Rory2 published on February 22, 2006 6:48 PM.

Handy list of online tools was the previous entry in this blog.

noooooooo. is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Pages

Powered by Movable Type 4.37

Search

About this Entry

This page contains a single entry by Rory2 published on February 22, 2006 6:48 PM.

Handy list of online tools was the previous entry in this blog.

noooooooo. is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.