Advanced Search

Please click here to take a brief survey

Real Security, Part I
Alex Steffen, 4 Nov 03

Hardcore geeks I know speak in hushed tones when they mention Bruce Schneier. Schneier is a security expert. His background is in computer network security, but like so many others these days he's learned to extrapolate the lessons of networked computers to our increasingly networked planet.

His killer observation? That security comes in two flavors: brittle and robust. Brittle security depends on stopping attacks, without fail. Robust security focuses on making attacks difficult, but making security failures much less costly. Brittle security is an overlay on an unchanged system (think of the increased number of security guards on our national powergrids). Robust security is a redefined system (think distributed power, with many more homes and institutions having their own solar or wind generation systems).

I'm not doing him justice, but his work is essential. This Atlantic Magazine profile may help explain it. His prescriptions for a good electonic security process are below. That they have broader application will be obvious to the intelligent reader.

Security Processes


Limit Privilege. Don't give any user more privileges than he absolutely needs to do his job. Just as you wouldn't give a random employee the keys to the CEO's office, don't give him a password to the CEO's files.

Secure the Weakest Link. Spend your security budget securing the biggest problems and the largest vulnerabilities. Too often, computer security measures are like planting an enormous stake in the ground and hoping the enemy runs right into it. Try to build a broad palisade.

Use Choke Points. By funneling users through choke points (think firewalls), you can more carefully secure those few points. Systems that bypass these choke points, like desktop modems, make security much harder.

Provide Defense in Depth. Don't rely on single solutions. Use multiple complementary security products, so that a failure in one does not mean total insecurity. This might mean a firewall, an intrusion detection system and strong authentication on important servers.

Fail Securely. Design your networks so that when products fail, they fail in a secure manner. When an ATM fails, it shuts down; it doesn't spew money out its slot.

Leverage Unpredictability. You know your network; your attacker doesn't. This is your big advantage. Make his job harder by disguising things, adding honey pots and booby traps, etc.

Enlist the Users. Security can't work if the users aren't on your side. Social engineering attacks are often the most damaging of any attack, and can only be defended against with user education.

Embrace Simplicity.
Keep things as simple as absolutely possible. Security is a chain; the weakest link breaks it. Simplicity means fewer links.


Detect Attacks. Watch the security products. Look for signs of attack. Too often, valuable alerts from firewalls, servers and even IDSes are simply ignored.

Respond to Attackers. It's not enough to simply detect attacks. You need to close vulnerabilities when attackers find them, investigate incidents and prosecute attackers. We need to build a world where criminals are treated as such.

Be Vigilant. Security requires continuous monitoring; it's not enough to read a weekly report. Read about new attacks as soon as possible. Install all security patches and upgrades immediately.

Watch the Watchers. Audit your own processes. Regularly.

Bookmark and Share



MESSAGE (optional):

Search Worldchanging

Worldchanging Newsletter Get good news for a change —
Click here to sign up!


Website Design by Eben Design | Logo Design by Egg Hosting | Hosted by Amazon AWS | Problems with the site? Send email to tech /at/
Architecture for Humanity - all rights reserved except where otherwise indicated.

Find_us_on_facebook_badge.gif twitter-logo.jpg