Acceptable Losses (was Re: Whoops! (re: WH network monitoring plan response))

Not only that -- security is not 0/1, all or nothing. It is possible
to be more or less secure; building a security system -- like a
firewall -- that has only the two states of "wide open" and "absolutely
impenetrable" is a bad idea.

Security is about risk management -- see Schneier's book "Secrets and

    --Steve Bellovin, (me) (2nd edition of "Firewalls" book)