Security Guidelines

   

One of the most important points to understand before you begin to design your directory's security infrastructure is that there is no such thing as "secure" or "private" in an absolute sense. Instead, there are degrees of security and privacy that come with various trade-offs and apply only in well-defined contexts.

A good analogy is the security of your house. It probably has one or more doors and windows, each with some kind of lock on it. The security-minded among us lock the doors and windows to our house in an effort to make it secure from unauthorized entry. Clearly, we can achieve only a modest level of security. A window can easily be broken. A lock can be picked. A door can be broken down. Adding bars on the windows and doors increases your level of security, but at the expense of your own convenience. Such trade-offs are typical in the security world and may well be worthwhile if you live in a neighborhood where threats are common. The lengths to which you should go to protect yourself generally should be proportional to the security threats you face, a principle you should consider when designing your directory.

Another important security lesson is that a system is only as secure as its weakest link, so it is important to think of the whole product and protect against every avenue of likely attack. Continuing our analogy to your house, consider the futility of installing a steel-reinforced door with triple dead bolt locks if you're going to leave your windows wide open. Similarly, making your directory system secure in one dimension while leaving other areas wide open leads to a false sense of security. Be sure to consider every aspect of security you can think of that might be related to your service.

On the other hand, these concepts can be taken too far. Why have windows on your house at all? If they can be broken so easily, they provide no real security. Better board them up. Why bother locking your door when anyone who really wants to get in could easily break it down? Better go live in a bank vault. But what good does that do? Even bank vaults get robbed.

The answer is that every effort you make to secure the weakest link improves the overall security of the system. Although no security system is guaranteed to thwart a determined and capable attacker, every additional security measure you employ increases the difficulty of attack. Every time you add a level of security, you filter out more attackers. The more difficult it is to break your security, the more likely it is that an attacker will give up or move on to someone else's house, or directory service.

So how far should you go to protect the security of your directory? The answer depends on the kinds of threats you face and the consequences you would suffer in case of a security failure. For example, if your directory contains name and e-mail address information, unauthorized access to the directory might result in a lot of junk e-mail being sent to your users, which can be miserably annoying. But the most serious consequences usually are lost time and a waste of system resources.

On the other hand, consider a directory used in a banking site that contains names, account numbers, credit card numbers, and other sensitive financial information. Unauthorized access to this directory might result in far more serious consequences, including improper access to bank accounts, unauthorized use of credit cards, damaged credit histories, and worse. Clearly, this information needs to be protected more strongly.

All these principles are fundamental to security design. Keeping them firmly in mind during your design process will go a long way toward keeping you on track and will help make your service secure and successful. Here is a quick summary of these security and privacy design principles:

  • There are different levels of security and privacy. Your job is to choose the level appropriate for your needs and the threats your directory faces.

  • Your system is only as secure as its weakest link. Remember also that the strength of a link in the security chain should be evaluated with respect to the likelihood of an attack.

  • Different types of information require different security precautions; similarly, different types of users require different levels of privacy. Don't try to devise a one-size-fits-all solution.

   


Understanding and Deploying LDAP Directory Services (2nd Edition)
ISBN: 0672323168
EAN: 2147483647
Year: 2002
Pages: 242
