> yes exactly, I know who is the attacker and he has really great of resources and power.
> Most probably he is responsible of the death of a guy in my country.
> Many people have preconceived ideas about security and about the attackers.
> Many people think that an hacker is pushed by money or some kind of interest and
> attack just people that he doesn't know. If the attacker fail with a target he just
> change target. Then a victim that describe a situation outside of this schema most
> probably will be classified as a paranoid or a troll.
Do you have reason to believe, that this evil person has control over your hardware
deliveries? Do you have some procurement process in place, which guarantees, that this
person can not intercept and xompromise such a shipment? To which extent would you
trust authorities to protect you?
Once this is done: what is your attack surface? What are the applications facing the
big bad internet? Do you have to run public facing services? Is there a way to restrict
the level of "public"? DO you have to run applications which connect to random servers
on the internet? Have you thought about running these in a virtual machine with snap
shoting enabled, which allows you to return to a known safe state?
No comments:
Post a Comment