Secure Design Principles - Getting Practical
Learn more about secure design principles, with a look at easy penetration, adequate protection, and effectiveness.
Charles and Shari Pfleeger wrote Security in Computing in 1989, and it is currently in its fourth edition. It marks the transition of principle development from academia to more practically inclined audiences, as principles became less a subject of academic research and more a part of day-to-day system development. The overall focus of the text is computer system security, and it covers subjects ranging from programs to cryptography to computer networks. More of a general-purpose than a specialized text, Security in Computing still conveys a difficult subject well and in some detail. The principles Pfleeger and Pfleeger came up with have a slightly different perspective from other sets of principles, however: they are not system-centric, but instead take the perspectives of the attacker and the defender into account.
Easiest penetration. The basic idea behind this principle is that an attacker will preferentially use easier exploits rather than harder ones, and, for the most part, this seems to be the case. This is heavily context dependent, though: attackers may take the easiest path to a target, but which path is easiest depends on what that target is. You'll need a good idea of the real target in order to evaluate which paths are actually the easiest. Vulnerabilities that are easier to exploit almost always have exploits published for them, which makes them easier to take advantage of, but they will also have defenses for them integrated into popular anti-malware suites. Attackers interested in stealth therefore have a stronger interest in using more difficult exploits, especially since those exploits may be harder to detect.
Adequate protection. No gold plating, please! If you have information you need to protect, you should protect it commensurate with its value. Today, people usually allocate protection across an enterprise according to some perceived risk metric. This is fine, but taking into account the value of the information if it is leaked is important too. Keep in mind not only the primary value of the information or system but also how that information or system could be used either to paint a more vivid picture for an attacker or to pivot more deeply into the environment. Often, attackers will attack systems for secondary goals, such as covering their tracks or using the system as a stepping stone to compromise an organization more completely.
Timeliness. Information and systems can lose value over time. As they do, the protections allocated to that information or those systems should change. Protections cost money, and spending your cyber security budget on lots of little things of marginal value makes it much harder to protect the things that are really important. Likewise, if something suddenly becomes more important, increase the protections around it too.
Effectiveness. Security controls need to work, right? Well, to do that, they need to be configured correctly. Make sure that the controls in your software or your organization are correctly configured, and make sure any operators who touch those controls know what they're doing. Misconfigured controls and poor overall security hygiene are still the biggest causes of breaches today.
Weakest link. This is related to easiest penetration but from a different perspective. A system is only as secure as its weakest link. It's important to think about how your applications can be compromised from many different perspectives. You can't know in advance where an attack will come from, and attack surfaces can change drastically depending on the attacker's vantage point. Make your attack surfaces as small as possible from as many different vantage points as possible, and the overall security of your system improves.