Security Basics mailing list archives

RE: Security vs. Simplicity


From: aaa () bbb com
Date: Fri, 22 May 2009 13:31:18 -0600

Dan:

I think you have only part of the idea.  Outward simplicity does not guarantee security, but outward security may 
reflect a mature, well-designed system, where the complexity is hidden.

Take a screen door and a solid core steel door with a deadbolt lock mounted on a secure steel door frame.  Both are 
simple to lock and unlock, but only all of the prior design, engineering, manufacture and installation effort that is 
unseen makes the steel door so very secure.

Same with 2 websites.  On the surface they could look very similar, like a "registration" page.  But the secure one will 
use an encrypted connection (i.e. https), will perform complex input validation at the server, and will encrypt before 
storing personal information (so that data in motion and data at rest are both encrypted).

From the user's point of view they are equally easy to use, but from an IT point of view one is a hack just waiting to 
happen, the other is secure.

I think we are "on the same page" but I just wanted to make sure we are.
