Summary

This chapter has shown that there is quite a bit to creating guards and walls. This is the reason I emphasize making the creation of guards and walls a specialized task within your organization.

Here are the major lessons of this chapter:

• The walls are primarily responsible for fortification .

• Three technologies are typically used to build walls:

  1. Firewalls

  2. Database security configuration

  3. Role-based security

• All data coming into the fortress must be validated . Validation includes

  • Checking for string length violations

  • Checking for unexpected characters

• Auditing is important if you need to track fortress changes.

• Authentication is needed to verify that requests are coming from approved sources. Authentication is done with encryption/decryption algorithms based on either secret keys (in the shared-key system) or public/private keys (in the public/private “key system).

• Privacy is about hiding data from prying eyes, which is accomplished by encryption/decryption.

• Integrity means keeping data from changing as it passes through the drawbridge, which also makes use of encryption/decryption.

• Nonrepudiation means being able to prove , at a later date, the source of an infogram . This is usually done with public/private “key systems.

• Authorization, although it seems like a guard/wall issue, is usually done by a business application worker.