So there is where that handbook paragraph came from. Kill it here too.
Remove a paragraph about over building security, it's a bit off. Discussed with: des, FreeBSD-security
This commit is contained in:
parent
baa1277289
commit
8d3cfc6184
@ -23,7 +23,7 @@
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd November 29, 2004
|
||||
.Dd September 8, 2006
|
||||
.Dt SECURITY 7
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -54,19 +54,6 @@ Security is best implemented through a layered onion approach.
|
||||
In a nutshell,
|
||||
what you want to do is to create as many layers of security as are convenient
|
||||
and then carefully monitor the system for intrusions.
|
||||
You do not want to
|
||||
overbuild your security or you will interfere with the detection side, and
|
||||
detection is one of the single most important aspects of any security
|
||||
mechanism.
|
||||
For example, it makes little sense to set the
|
||||
.Cm schg
|
||||
flags
|
||||
(see
|
||||
.Xr chflags 1 )
|
||||
on every system binary because while this may temporarily protect the
|
||||
binaries, it prevents an attacker who has broken in from making an
|
||||
easily detectable change that may result in your security mechanisms not
|
||||
detecting the attacker at all.
|
||||
.Pp
|
||||
System security also pertains to dealing with various forms of attacks,
|
||||
including attacks that attempt to crash or otherwise make a system unusable
|
||||
|
Loading…
Reference in New Issue
Block a user