Chapter 23. Design Under Fire


This chapter deals with design under fire: the practice of examining our network security designs the same way an attacker would. Analyzing how attackers could compromise our networks exposes the designs' weaknesses so that we can correct them before an attacker finds them. This analysis is a natural follow-up to the testing procedures discussed in Chapter 22, "Assessment Techniques." To put design under fire into practice, we describe a process called adversarial review, which offers one way to protect our networks even from vulnerabilities we are not yet aware of.

Performing an adversarial review might seem redundant because you already built security into your design from the start. However, the testing that occurs during the design stage sets out to determine whether a design functions according to its requirements. Such testing is an essential part of system design, but it says little about how secure the design is: a network can perform every one of its functions exactly right and still be completely insecure. Understanding how someone else might deliberately break your design requires an entirely different mental process, and it is exactly the kind of thinking needed to root out the subtle security problems that find their way into our networks.

To prepare you to perform an adversarial review, we begin this chapter with a discussion of how an attacker thinks about attacking a network. Then, we ask you to watch over our shoulders while we subject the designs in this chapter to the type of attention they would receive every day if they were implemented and placed on the Internet.



    Inside Network Perimeter Security (2nd Edition)
    ISBN: 0672327376
    Year: 2005