Aggressive Security Revisited presented at BlackHatAsia 2002

by Riley "Caezar" Eller,

Summary : Defensive security models were adopted in the past in many cases because they were cheap. Over time the value proposition has changed but much of the world has failed to reevaluate their position. White-list security models can be undervalued due to misconceptions about the relative costs involved. With recent advances in help-desk automation, even the original cost concerns can be allayed.
We will discuss self-maintaining white lists, automated password recovery, and shared-list web filtering as exemplify the 'default deny' mindset deemed impractical in days gone by.