|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [discuss] RAID Fail with MDK 9.2
From: Vincent Danen (vdanen
mandrakesoft.com)
Date: Sat Apr 03 2004 - 19:54:39 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Apr 3, 2004, at 12:33 PM, Ying-Hung Chen wrote:
> Yes, I remember that definition from CISSP book. However, How about
> harddisk failure? network goes down? power supply blow up? Those
> affect availability too.
>
> unfortunately, with the limited resources, only the 'exploitable'
> vulnerabilities will be considered as 'security' issue.
This has nothing to do with resources, but rather with what makes sense
for a mailing list discussing security topics. This is not
ciamandrakesecure.net.... this list is for discussing security issues,
and whether integrity and availability (confidentiality I will concede)
in some way constitutes "security" is irrelevant.
You're right... a harddisk failure, network outtage, other hardware
problems, etc. are all issues with availability. A hard disk problem
could be considered an issue with data integrity.
But if we all feel that those are on topic for this list, I'd rather
fold the list and punt everyone over to the expert mailing list. Those
are day to day run-of-the-mill issues that affect everyone, interested
in security or not. This list was created to discuss topics of
security... things such as authentication, vulnerabilities, exploits,
secure system configuration, etc. If there is no interest in limiting
the scope of the list without someone jumping on their proverbial
soapbox to tell me what is and is not security related, I have no
problem dissolving the list because then the intent behind the list is
no longer important. This becomes just another two-bit discussion list
on anything you feel like talking about because somehow, someway, to
someone, it pertains to security, to some degree.
So rather than arguing semantics, let's keep the list focus to what it
should be. It is *not* C-I-A.
If you like, I can draw up a better illustrative set as to what should
be considered on topic for this list, but I'd rather not. I think it
should be clear enough what a list about security should consider on
topic.
No, this is not directed to you personally, Ying... =) I know you know
what this list's focus is. This is a general message that happened to
use your message to trigger my reply. This is pretty much to everyone
who feels that discussing off topic things is on topic, and
particularly those who feel like arguing about it.
> Anton Aylward CISSP CISA wrote:
>> Given that security is primarily about C-I-A
>> Confidentiality
>> Integrity and
>> Availability
--
Mandrakesoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)
iD8DBQFAb2rfIEPQ5f5vKv0RAmefAJ46nf+Un6ZtPF6UEIVlJXz0BbUQiACfeBrd
D0V4AWE64fkYOtlFODJwjcs=
=YGHz
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]