What Are the Principles of Information Security Design? You can use several well-known security design principles to help you design security for information systems. These principals have their roots in the design of security for business system processes. Although you might not be able to apply every principle to every security design situation, you will find that using these principles will allow you to quickly see where security can be added. These principles should be part of your framework. Use these security design principles to help you design security for information systems: ■ Separation of duties. Whenever possible, separate the functions of critical operations and assign different parts of the operation to different roles within the organization. For example, programmers should not have network administration privileges; those with backup rights shouldn’t have restore rights; and auditors shouldn’t be able to modify systems. ■ Least privilege. Give people only the privileges and access to data that they absolutely need. For example, users shouldn’t be administrators on their desktops. Delegate administrative authority at the organizational unit (OU) level where possible, not domain-wide. ■ Reducing the attack surface. The fewer avenues of attack that are available, the less there is to protect and the less chance there is of the network being compromised. For example, disable unneeded services, don’t install unnecessary services or applications, and protect sensitive data with encryption. ■ Defense in depth. Do not rely on one defense. Use many. If one fails, the other might prevent the intrusion or at least give you time to deal with it. For example: ❑ Require authentication, use permissions on shares, use permissions on folders, and use permissions on files. ❑ Use a firewall, use gateway filters for e-mail, harden servers and client computers, train administrators, train users, and create an incident response team. ■ Diversity of mechanism. If every computer is the same and if every defense mechanism is the same, then they will fail the same way. Use a variety of mechanisms. This is also addressed by providing redundancy and multiple paths. For example, design a classic perimeter network (also known as a DMZ, or demilitarized zone, and a screened subnet) or border network with two firewalls. One fire-wall should be between the Internet and the border network and the other should be between the border network and the internal network. Do not use the same firewall at each border. If an intruder successfully penetrates the external firewall, you do not want her to be able to use the same attack on the internal firewall. ■ Use of fail-safe defaults. Systems should always be configured to choose the most secure default action. For example: ❑ Ports on firewalls should always be closed by default. You must open those for which you want to provide access. ❑ No access, such as access to a file, should be possible unless it is explicitly given. ■ Economy of mechanism. Complexity is the enemy of security. The more complex security is, the more likely it is to fail. When a security strategy is hard to under-stand, people don’t use it or configure it incorrectly. For example, if a smart card must be in the smart card reader to keep a session going, make the smart card the employee ID badge. Because an ID badge must be worn at all times, the user’s smart card will always be available to the user. Only one card is therefore necessary for both approved entrance to the building and free access to building facilities and the logon for the computer. In addition, when a user leaves his desk, he must remove the smart card to retrieve the necessary badge for building access. If the computer is configured to log the user off when the card is removed, another security activity is automatically used and the user doesn’t have to remember to do it. ■ Use of open designs. Security through obscurity generally doesn’t work if it is the only security strategy. Security designs should use well-understood algorithms. Well-known algorithms have been examined by many security experts, and it is more likely that the flaws have been discovered and corrected. This does not mean that you should expose the security mechanisms in place for your organization, network, applications, and so on. It means that you should choose well-known algorithms and products that have been inspected by others and use generally accepted practices and principles. An example of this is to use IPSec for communication security or Kerberos for authentication, as opposed to using proprietary protocols.
Posted on: Fri, 01 Aug 2014 15:51:42 +0000
Trending Topics
Recently Viewed Topics
© 2015