White Hat Talks Web Security - Reading Notes

No Patch For Stupid!

Wherever people are involved, no matter how good the program is, all sorts of unpredictable situations can arise. It is also widely held in the security field that the biggest vulnerability is people: an administrator's password may be leaked, and security problems often turn up in unexpected places.

What is security?

The essence of the security problem is trust. Deciding how much to trust, and getting that balance just right, is the hard part of designing a security solution.

Security is an ongoing process

Defensive and offensive techniques develop continuously, each driving the other forward in a dialectical relationship. Security checks should be carried out throughout the software life cycle.

Three elements of security

The three elements of security are Confidentiality, Integrity and Availability.

Confidentiality requires that data content not be disclosed; encryption is the common means of meeting this requirement.

Integrity requires that data content be protected so that it remains complete and is not tampered with; a common technical means is the digital signature.

Availability requires that protected resources be usable "on demand". A denial-of-service (DoS) attack, for example, destroys availability.

Security Assessment Process

Asset classification -> threat analysis -> risk analysis -> confirm solutions

The core issue of Internet security is data security.

Asset grading is the grading of data. You need to talk with the business owners to understand which data matters most.

The next step is to divide trust domains and trust boundaries. The simplest example is the trust model of a simple website: the most important data sits in the database; next comes the web server, which can read and write the database and provides services to the outside world; and the outermost layer is the untrusted Internet.

Once the trust domains are drawn, the next task is to find all the threats. Brainstorming is commonly used, and threat modeling can also be applied to avoid omissions. A well-known threat-modeling method is the STRIDE model; STRIDE is an acronym for the following six words:

Spoofing

Tampering

Repudiation

Information Disclosure

Denial of Service

Elevation of Privilege

Risk Analysis

Factors affecting the level of risk include not only the size of the loss but also the likelihood of occurrence. Microsoft proposed the DREAD model, which gives more systematic guidance on which aspects to consider when judging the risk of a threat.

Design security solutions

The output of a security assessment is a security solution. The solution must be targeted and based on the results of the asset classification, threat analysis, and risk analysis described above. A good security solution should have the following characteristics:

1) Can effectively solve the problem

2) Good user experience

3) High performance

4) Low coupling

5) Easy to expand and upgrade

How to design a security solution

Secure By Default Principle

This principle is the most basic and most important one, and it can also be summarized as the idea of whitelists and blacklists.

Wildcards should be avoided when using whitelists.
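An added illustration of the whitelist rule above (example code written for these notes, not from the book): a glob-style allowlist beside an exact-match allowlist, each deciding whether a URL's host is trusted. The allowlist entries and hostnames are constructed, hypothetical values.

```python
import fnmatch
from urllib.parse import urlsplit

# Constructed sample allowlists (hypothetical hosts, not from the book).
WILDCARD_ALLOWLIST = ["*.example.com", "*example.org*"]
EXACT_ALLOWLIST = {"www.example.com", "api.example.com", "example.org"}


def host_of(url: str) -> str:
    """Return the lowercase hostname of a URL, or '' if it has none.
    Parsing the URL first matters: 'https://www.example.com@attacker.test/'
    has the host attacker.test, whatever the string looks like."""
    return (urlsplit(url).hostname or "").lower()


def allowed_by_wildcard(url: str) -> bool:
    """Weak check: glob patterns in the allowlist. Each '*' matches any run
    of characters, so '*example.org*' accepts every host that merely
    contains that string, and '*.example.com' trusts every subdomain."""
    host = host_of(url)
    return any(fnmatch.fnmatchcase(host, pat) for pat in WILDCARD_ALLOWLIST)


def allowed_by_exact_match(url: str) -> bool:
    """Secure-by-default check: the whole hostname must appear verbatim in
    a fixed set. Anything not listed, including an unparsable URL, is denied."""
    return host_of(url) in EXACT_ALLOWLIST


if __name__ == "__main__":
    # Constructed sample inputs: the middle two show where the checks differ,
    # the last shows why the host is parsed rather than substring-matched.
    for url in [
        "https://www.example.com/login",
        "https://anything.example.com/",
        "https://example.org.attacker.test/",
        "https://www.example.com@attacker.test/",
    ]:
        print(f"{url:45} wildcard={allowed_by_wildcard(url)!s:5} "
              f"exact={allowed_by_exact_match(url)}")
```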
Principle of least privilege

This principle requires the system to grant a subject only the authority it needs, without excessive authorization, which effectively reduces the chance of errors in the system, network, application, and database. When applying the principle of least privilege, the privileges the business actually requires must be carefully sorted out; while learning the business, ask more probing questions to pin down its least privilege.

Defense-in-depth principle

Defense in depth has two meanings:

1) Security solutions should be implemented at different levels and in different aspects, and the different security solutions should cooperate with each other to form a whole;

2) Doing the right thing in the right place, i.e. implementing a targeted security solution at the place where the root problem lies.

Data and Code Separation Principle

This principle applies broadly to the many scenarios in which "injection" causes security problems, such as XSS, SQL injection, CRLF injection, and so on.

Unpredictability principle

Give the objects that may be attacked a degree of randomness, which effectively resists attacks based on tampering and forgery. Implementing unpredictability usually relies on encryption algorithms, random-number algorithms, and hash algorithms. Using this principle well often yields twice the result for half the effort.