Jim Popovitch <jimpop@yahoo.com> writes:
Jerry Pasker wrote:
The point is: What's more damaging? Being open with the maps to EVERYONE can see where the problem areas are so they can design around them? (or chose not to) or pulling the maps, and reports, and sticking our heads in the sand, and hoping that security through obscurity works.
Let's look at this from another point of view: Should we remove all keylocks from backhoes so that everyone can have access to them? :-)
This analogy is faulty, but illuminating insofar as it illustrates the fallacy of putting up low bars to access that don't actually stop people who're willing to put a little bit of effort into beating it. Keylocks only work when your threat model is drunk fratboys or bored teenagers (which is not necessary a disjoint set). They aren't a significant part of the threat model for intentional fiber cuts. Any John Deere dealer will be able to supply you with a key that operates the vast majority of John Deere equipment of a certain type. Anyone who can plan ahead enough to order from eBay is in like Flynn. http://cgi.ebay.com/12-JD-Keys-3-John-Deere-Equipment-Key-Sets-NEW_W0QQitemZ...
I'm all for openness, but sometimes some things only need to be accessed and used by the professionals that need those things. I fully trust that the big network operators, the ones that really really do need this data, have all the info they need to plan their network expansions, etc. I don't need to see this data, even though I might want to.
Then don't look at it. :) ---Rob