Seven Tenets of Good Security
Marcus Ranum and Fred Avolio
Minimalism. Simple is better than complex. This pertains to the
methods and mechanisms used to implement security, the way a device is
managed and used, and the network security paradigm embraced by a network
security policy. There are two basic paradigms:
Mimimalism supports the second.
- That which is not expressly prohibited is permitted.
- That which is not expressly permitted is prohibited.
Reductionism. Simplicity is important with software as well. Security
and complexity are often inversely proportional.
Restriction No users. Nearly all security breaches are caused by
someone compromising a user account.
Auditability. A security device should be configured to gather as
much data as is possible. It is easier to compress, consolidate, summarize,
and delete log information, than it is to capture extra information on an
event that happened yesterday.
Accountability. User identification is vitally important if users
are to be allowed to use security systems.
Configurability. A security device is one of the methods and mechanisms
used to implement a security policy. A security policy is based on input
from a risk assessment and a business needs analysis. A security device should
not impose rules of its own but be configurable to implement an organization's
security policy. It must also be flexible to change as the organization's
security policy changes.
Examinability. The methods and algorithms used to implement security
should be implemented as a crystal box.