On 07/12/2016 05:19 PM, Peter Fairbrother wrote:
I've been revising the principles, and came up with this. It's an early version.
[ ... ]
The Laws of secure information systems design:
Law 0: It's all about who is in control
Law 1: Someone else is after your data
Law 2: If it isn't stored it can't be stolen
Law 3: Only those you trust can betray you
Law 4: Attack methods are many, varied, ever-changing and eternal
Law 5: The entire system is subject to attack
Law 6: A more complex system has more places to attack
Law 7: Holes for good guys are holes for bad guys too
Law 8: Kerckhoffs's Principle rulez! - usually...
Law 9: A system which is hard to use will be abused or unused
Law 10: Design for future threats
Law 11: Security is a Boolean
Law 12: People offering the impossible are lying
Law 13: Nothing ever really goes away
Law 15: "Schneier's law c" [1] holds illimitable dominion over all... including these laws

I call these "Network Security Axioms." You will recognize most of them, I am sure. A couple are originals.

Everything is under control; your control or someone else's.
A trusted system is one that can break your security model.
A hardened perimeter is easily broken; a hardened system, not so much.
The laws of nations are easily broken; the laws of physics, not so much.
In God we trust, all others provide full source code for peer review.
Given enough observers, all bugs are shallow.
To make a system stronger, attack it.
Physical access can compromise any network security model.
A failed data backup may cost more than a successful break-in.
An unexamined assumption is a ticking time bomb.
User refusal is the principal barrier to secure networking.

Three years old, but holding up fairly well:

http://pilobilus.net/comsec-101.html