Re: Security vs. Simplicity

[Aarón Mizrachi <unmanarc () gmail com>]

On Lunes 18 Mayo 2009 11:02:39 avi shvartz escribió:
> Hello list,
>
>
>
> In a design process of a critical infrastructure system there is always a
> tension between two tenets:
>
>   The "simplicity tenet" - keep it simple as much as possible.
>
>     And
>
>   The "security tenet" - make it secure as much as possible.
>
> I am perfectly aware of all risk evaluation and assessment, TCO
> calculations etc, that suppose to
>
>   help us all to reach a decision about "how much security" and "how much
> simplicity".
>
> But, we all know that gathering all relevant information and getting
> overall agreement
>
>   about them and about the calculations of the risk\tco calculations is not
> "optimal" to say the least.
>
> I am also aware to the statement : "simple design is also a secured
> design".
>
> But, we all know that in real life the security folks wants to add "just
> this extra layer (for security in depth)
>
>   And\or "just this vlan (for yet another communication separation)" etc.
>
> Don't get me wrong, I do understand that it's a valid concern,
>   I just say that it's not always will be in line with the "simple" design
> tenet.
>
>
>
> Now, let's say that after all the technical discussions the two inflamed
> opponents are in front of us
>  (kind of real life situation.).
>
>
>
> I would like to ask your opinion in the following way:
>
>  Let say that you are the manager who have to say one statement (kind of a
> bottom line):
>    "Design that system according to the simplicity principal"
>    or
>
>    "Design that system according to the security principal"
>
>  I would humbly ask for an answer in a "managerial style":
>    first : what will be that bottom line.
>    second: (kind of appendix.) any explanation that you wish to add.


Hello Avi.


Like everything, there must be a balance. and, the balance of simplicity are 
comming to us by the security and maintenance issue. This is a good paradox.

Why?

a very complex system (yes: system as application, network, and  all things 
related), are prone to be buggy. And also, we ussualy think on security like 
an "extra layer" added to the application.

Complex systems are prone to be buggy because:

1st. Are difficult to manage
2nd. The code/configs have also the tendence to be "complex", and this, itself 
is an entropy generator and application bug maker factor.
 

What i recommend...

This is only information system theory, but works there also... your project 
could be fat in the first instance, could be complex, but, you can simplify 
them with organization. Be Modular. Segment your work in modules, then, secure 
every module, and next, secure "inter-module" communication.

If you need to ad a new vlan, do it, document it, separate processes, define 
it, but, be modular and have order.

Organized complexity are simplicity. 

> Than you all for your kind attention,
>
> Avi
>
>
>
>
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: InfoSec Institute
>
> Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both
> Instructor-Led and Online formats is the most concentrated exam prep
> available. Comprehensive course materials and an expert instructor means
> you pass the exam. Gain a laser like insight into what is covered on the
> exam, with zero fluff!
>
> http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
> ------------------------------------------------------------------------

-- 
Ing. Aaron G. Mizrachi P.    
http://www.unmanarc.com
Mobil 1: + 58 416-6143543
Mobil 2: + 58 424-2412503

Attachment: signature.asc
Description: This is a digitally signed message part.