Security by design and security by obscurity are not necessary "either-or" options. But, on below paragraph, my emphasis was wholesale cost-benefit analysis not on the best security techniques that the industry currently offers and was needed ages ago on all local privately-owned infrastructure. Past threads reveal how missing-in-implementation that has been.We could find ourselves lame ducks immediately the fibres are lit, Yes/No? On Wed, Jul 15, 2009 at 2:39 PM, Michuki Mwangi<michuki@swiftkenya.com> wrote:
Gakuru Alex wrote:
But look at it from a cost-benefit analysis angle. The cost of educating every Civil Servant to ensure all their communications are encrypted. Or (lesser?) costs of implementing the same on every government servers versus the putting of up "GoK-Intranet" GIXP costs. I would bet on GIXP costs being way much lower (and lesser maintenance costs)
What you seem to imply is security through obscurity. Security will have to be built regardless - if you watch whats happening now in most govts you will realise this is not an option. For the same reasons .gov is now a signed zone even before the root is signed goes to tell where everyones thinking is.
Regards,
Michuki.