Configuration: the forgotten side of security
When the average computer user thinks about security, they usually think about reactive measures like anti-virus programs or security patches -- responses to a specific threat. Such measures play a role in securing a workstation or a network, but they are often less than half the story. A more efficient approach is to configure a system securely from the start. Yet the realities of the software market and IT management, as well as efforts to increase user convenience, often mean that security by configuration is neglected, even though most of the steps needed to achieve it are straightforward.
Configuration-centered security is sometimes called security architecture or proactive security. Under any name, the approach means making the design and installation of a computer system part of your security. Dan Razzell, president of Starfish Systems, a Canadian consulting firm, explains, "When you build a system, you build it for a purpose. If you can accurately articulate the purpose of the system, then the system displays all the functions you want and none of the functions you don't want -- because it's the functions you don't want that are an egregious source of security exposure. Basically, if you don't carry any baggage that you don't need, you can solve a lot of your security issues right there. So, really, configuration really drives security."
Jerry Saltzer, professor emeritus at the Massachusetts Institute of Technology, and a computing pioneer who has influenced hundreds of students, would agree. "The right time to apply best practices is during system design," Saltzer says. "That way, installation, configuration, and daily use will automatically tend to be more secure. The installation staff is then in a good position to apply basic security principles such as least privilege and basic human engineering principles such as least astonishment when configuring the system."