Rule 9: Think Like the Enemy

This rule follows naturally from the dichotomous nature of computer security (where good and evil blur into gray), the "game theory" of computer security cited above, and the "There Are No Turnkey Security Solutions" rule. If computer security is a game, then the enemy makes the rules. This is why checklists and stock solutions like firewalls, which derive from set defensive rules, can prove ineffective against smart opponents. Assume that the other side has maximum capabilities, in accordance with the notion that "There's Always Someone Out There Smarter, More Knowledgeable, or Better-Equipped Than You." Identify those who could pose a threat to your systems and model their motives, capabilities, and worldviews. Surf to "hacker" sites that contain articles and tools for breaking into systems. Develop scenarios based on the threat model you face; if you were a UNIX systems programmer from a competing organization, how would you breach your organization's security?[1]

Copyright © 1999 by The McGraw-Hill Companies. Used with permission. HTML Copyright © 1999 Albion.com.
Copyright © 1990-2006 Albion.com and Seth T. Ross