It is important to understand that in a secure system, the legitimate users of that system are still able to do what they should be able to do. It has been said pejoratively that the only truly secure computer is one locked in a vault without any means of power or communication; however, this would not be regarded as a useful secure system because of the above requirement.
It is also important to distinguish the techniques employed to increase a system's security from the issue of that system's security status. In particular, systems which contain fundamental flaws in their security designs cannot be made secure without compromising their utility. Consequently, most computer systems cannot be made secure even after the application of extensive "computer security" measures.
There are two different approaches to security in computing. One focuses mainly on external threats, and generally treats the computer system itself as a trusted system. This philosophy is discussed in the computer insecurity article.
The other, discussed in this article, regards the computer system itself as largely an untrusted system, and redesigns it to make it more secure in a number of ways.
This approach enforces privilege separation, where an entity has only the privileges that are needed for its function. That way, even if an attacker has subverted one part of the system, fine-grained security ensures that it is just as difficult for them to subvert the rest.
Furthermore, by breaking the system up into smaller components, the complexity of individual components is reduced, opening up the possibility of using techniques such as automated theorem proving to prove the correctness of crucial software subsystems. Where formal correctness proofs are not possible, rigorous use of code review and unit testing measures can be used to try to make modules as secure as possible.
The design should use "defense in depth", where more than one subsystem needs to be compromised to compromise the security of the system and the information it holds. Subsystems should default to secure settings, and wherever possible should be designed to "fail secure" rather than "fail insecure" (see fail safe for the equivalent in safety engineering). Ideally, a secure system should require a deliberate, conscious, knowledgeable and free decision on the part of legitimate authorities in order to make it insecure.
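The "fail secure" versus "fail insecure" distinction above, shown as an added example (not code from the original article): an authorization check whose policy store can be unreachable. The policy table, the role names and the PolicyUnavailable exception are constructed for illustration.

```python
from typing import Dict, Set

# Constructed sample policy: role -> set of permitted operations.
# (Assumption: a lookup table standing in for a real policy store.)
POLICY: Dict[str, Set[str]] = {
    "auditor": {"read_logs"},
    "operator": {"read_logs", "restart_service"},
}


class PolicyUnavailable(Exception):
    """Raised when the policy store cannot be consulted (e.g. backend down)."""


def lookup_permissions(role: str, backend_up: bool = True) -> Set[str]:
    """Return the permission set for a role; simulates an outage when backend_up is False."""
    if not backend_up:
        raise PolicyUnavailable("policy store unreachable")
    return POLICY.get(role, set())


def is_allowed_fail_insecure(role: str, op: str, backend_up: bool = True) -> bool:
    """'Fail insecure' pattern: access is presumed and only withdrawn when the
    check manages to find a denial. An outage therefore grants everything."""
    allowed = True
    try:
        perms = lookup_permissions(role, backend_up)
        if op not in perms:
            allowed = False
    except PolicyUnavailable:
        pass  # error swallowed; 'allowed' keeps its permissive default
    return allowed


def is_allowed_fail_secure(role: str, op: str, backend_up: bool = True) -> bool:
    """'Fail secure' pattern: nothing is granted unless the check positively
    succeeds; an error, an unknown role or an unlisted operation all mean deny."""
    try:
        perms = lookup_permissions(role, backend_up)
    except PolicyUnavailable:
        return False  # outage -> deny (a real system would also log this event)
    return op in perms
```

During a policy-store outage the first function silently grants "restart_service" to an auditor, while the second denies everything until the store is back; only the second matches the "default to secure settings" requirement.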
In addition, security should not be an all-or-nothing issue. The designers and operators of systems should assume that security breaches are inevitable in the long term. Full audit trails should be kept of system activity, so that when a security breach occurs, the mechanism and extent of the breach can be determined. Storing audit trails remotely, where they can only be appended to, can keep intruders from covering their tracks. Finally, full disclosure helps to ensure that when bugs are found the "window of vulnerability" is kept as short as possible.