Digital Village
Hal Berghel
Faith-Based Security
A tongue-in-cheek look at serious security issues.

IT security has received increased attention primarily, but not exclusively, due to the increased threat from viruses, worms, password crackers, Trojan horses, and a cornucopia of other types of malware and exploits. As a consequence of this increased attention, a variety of security models have been proposed. Security in depth (SID) is one such example. Winn Schwartau’s time-based security is another. In this column, I offer another modest example extrapolated from popular culture: faith-based security, aka “no network left behind.”

SECURITY MODELS

By their very nature, security models are usually out of date. Security modeling is akin to driving forward while looking through the rearview mirror since security systems are primarily reactive. The problem is illustrated by zero-day exploits where the first appearance of an exploit coincides with the first appearance of a vulnerability. One of the grand challenges in future digital security is to figure out how to model the unknown in anticipation of post-modern exploits, such as zero-day attacks and so-called “super worms.”

Security models also tend to be obtuse. Though “security in depth” is a common phrase in IT circles, few could define it precisely. The phrase has been used to describe everything from cascaded network defenses and layered intrusion prevention/detection systems to differentiated password-control policies. About the only common theme I can detect is that security-in-depth seems to be used interchangeably with “more is better.”

HAL MAYFORTH

THE SECURITY IN DEPTH FALLACY

There is an interesting fallacy in informal logic called the principle of vacuous alternatives. It goes something like this: Take any sentence. If the negation of that sentence seems preposterous, then the original sentence is likely vacuous. As an example, consider “I believe in justice.” The negation, “I don’t believe in justice,” seems like an absurd remark. It’s not that it’s nonsensical. Rather, it has no conversational contribution to make as it’s difficult to imagine how any reasonable person could
