Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It does. I've deployed systems that would not only notify staff when novel packets were observed but immediately isolate anomalous hardware through a combination of powerdown and network fabric reconfiguration.


The amount of false positives a system like that would generate would rapidly render such a system entirely unusable.


Not in a secure environment... where you are supposed to control the hardware, the software, and the network absolutely.


The only way to create such an environment is to totally disconnect it from the outside world -- I'm talking even power source, phones, internet, all of it has to be disconnected or else I can exfil data all day long and nobody would ever know.


Yes, but eventually you have to get something done.

Security engineering is about tolerable failure modes. - Dan Geer (2014)


He was the "first employee and architect @ Kraken (2011-2015)". That might explain why Kraken spews out 502s all the time.


Dear snarky anonymous coward, as stated I left in 2015. I think you will find referenced issues occurred subsequent to that date under very different technical leadership.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: