Issue No. 05 - September/October (2009 vol. 7)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2009.134
Daniel G. Conway , Augustana College
Steven M. Bellovin , Columbia University
How do we protect systems? The answer is straightforward: each component must be evaluated independently and protected as necessary. Beware the easy answers, such as deploying stronger encryption while ignoring vulnerable end points; that's too much like looking under the streetlamp for lost keys, not because they're likely to be there but because it's an easy place to search. Remember, too, that people and processes are system components as well, and often the weakest ones—think about phishing, but also about legitimate emails that are structurally indistinguishable from phishing attacks. I'm not saying you should ignore one weakness because you can't afford to address another serious one—but in general, your defenses should be balanced. After that, of course, you have to evaluate the security of the entire system. Components interact, not always in benign ways, and there may be gaps you haven't filled.
Steve Bellovin, systems, encryption, phishing, clear text
Daniel G. Conway, Steven M. Bellovin, "Security as a Systems Property", IEEE Security & Privacy, vol. 7, no. , pp. 88, September/October 2009, doi:10.1109/MSP.2009.134