This depends on who you ask. Some people think that the more secure a system is, the better; with no exceptions. This school of thought is often attributed to product vendors. This approach helps them believe (and thus convince) that their product is a great buy, regardless of the situation. This approach is also common among information security newbies who believe that an additional requirement or mechanism can only make you more resistant, not less, and thus is always worth adding. The fancier of these guys call it an additional “layer”, so they sound more confident.

I guess it can be told by my tone so far that I disagree. Making a system or a network more secure is sometimes worthwhile and sometimes it is not.

Continue reading "Is more security always better?"