Chapter 8. Security Dependencies
Security dependencies is one of the most important concepts in information security; yet, it is also one of the most often misunderstood. It is quite simple really: systems depend on each other for their security. We all really do know this, once we think about it, but we do not always realize how it impacts security. Bad guys know this, too, and it is the prime reason why we say that networks are designed like eggshells. The fact of the matter is that after you pierce the eggshell that is the firewall, everything else is soft and chewy on the insidethe hardest part is not to actually take over another system, but rather to figure out which one is the best choice to take over next . Only if we understand this concept will we be able to avoid critical dependencies and protect our network. This chapter has five parts . In the first, we examine the concept of dependencies in more depth. In the second and third, we look at two particular types of dependencies in more detail. In the fourth, we investigate how to avoid these dependencies; and, finally, in the fifth part we investigate other types of dependencies.