Security Basics mailing list archives
RE: Security vs. Simplicity
From: aaa () bbb com
Date: Fri, 22 May 2009 13:31:18 -0600
Dan: I think you have only part of the idea. Outward simplicity does not guarantee security, but outward security may reflect a mature, well-designed system, where the complexity is hidden. Take a screen door and a solid core steel door with a deadbolt lock mounted on a secure steel door frame. Both are simple to lock and unlock, but only all of the prior design, engineering, manufacture and installation effort that is unseen makes the steel door so very secure. Same with 2 websites. On the surface they could look very similar, like a "registration" page. But the secure one will use an encrypted connection (i.e., https), will perform complex input validation at the server, and will encrypt before storing personal information (so that data in motion and data at rest are both encrypted).
From the user's point of view they are equally easy to use, but from an IT point of view one is a hack just waiting to happen, the other is secure.
I think we are "on the same page" but I just wanted to make sure we are.