Bruce Schneier

Article to read
http://www.theatlantic.com/doc/200209/mann
• Systems must fail smartly

Secrets & Lies
• Dynamic linking (DLLs) created a whole new set of problems, versus previous fixed linking.
• There is no tamper-proof hardware, only tamper resistance: how resistant is it?
• People want security, but they do not want to see it working
• http://usablesecurity.com/

Secrets & Lies
• Attack
1. Identify target and collect information about target (footprinting)
2. Analyze target, identify vulnerability that will achieve attack objectives
3. Gain appropriate level of access to target
4. Perform attack
5. Complete attack, hide tracks

Secrets & Lies
• Safe ratings
• TL-15 can survive attack for 15 minutes
• Protection, detection, reaction work in tandem
• If no one responds to an IDS then it is not helpful.
• BTW one thing that his company does is respond to IDSs.
• I can see outsourcing this in certain situations.

Secrets & Lies
• Must get the threat model right
• Pages 304-305
• This is an iterative process; you must not stop looking at your threats.
• Software
• Imagine just compiling a product then shipping it, no testing
• Imagine how bad it would be
• Rarely is software security tested, so imagine how bad it is

Secrets & Lies
• Future products pages 361-363
• Security systems must fail-safe
• If a firewall fails, it must not just let in all traffic
• If a credit card terminal fails, go back to the zip-zap, which is less secure
• This causes a lot of DoS attacks
• This is called safety engineering in automobiles

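The firewall case on this slide, as an added example that is not part of the original presentation: a source-address filter whose rule evaluation can fault, wrapped once fail-open and once fail-closed. The rule set, function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed rule set (hypothetical): allow only these source networks.
ALLOWED_NETS = ["10.0.0.0/8", "192.168.1.0/24"]


def evaluate_rules(src_ip, nets):
    """Return True if src_ip is inside an allowed network.
    Raises ValueError on a malformed address or rule (the 'failure')."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in ipaddress.ip_network(n) for n in nets)


def decide_fail_open(src_ip, nets=ALLOWED_NETS):
    """Weak pattern: any fault in the filter lets the traffic through."""
    try:
        return evaluate_rules(src_ip, nets)
    except Exception:
        return True  # failure == allow


class FailClosedFilter:
    """Fail-safe pattern: a fault is treated as a deny and is counted,
    so that someone can detect and respond to a failing filter."""

    def __init__(self, nets=ALLOWED_NETS):
        self.nets = nets
        self.fault_denials = 0

    def decide(self, src_ip):
        try:
            return evaluate_rules(src_ip, self.nets)
        except Exception:
            self.fault_denials += 1
            return False  # failure == deny


if __name__ == "__main__":
    fw = FailClosedFilter()
    # Constructed inputs: allowed, not allowed, malformed, empty.
    for ip in ["10.1.2.3", "203.0.113.9", "10.1.2.300", ""]:
        print(repr(ip), decide_fail_open(ip), fw.decide(ip))
    print("denied because of faults:", fw.fault_denials)
```

Failing closed trades availability for safety: a fault now blocks legitimate traffic too, so the fault counter needs someone watching it.
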
Secrets & Lies
• Detection is more important than prevention
• Prevention is impossible
• Detect, fail-safe, recover, maintain chain of evidence
• Banks do not eliminate alarm systems because they have safes
• Modern society does not prevent crime; police detect and respond to crime