Re: Security vs. Simplicity

[Ansgar Wiechers <bugtraq () planetcobalt net>]

On 2009-05-18 avi shvartz wrote:
> In a design process of a critical infrastructure system there is
> always a tension between two tenets:
>
>   The "simplicity tenet" - keep it simple as much as possible.
>
>     And 
>
>   The "security tenet" - make it secure as much as possible.
>
> I am perfectly aware of all risk evaluation and assessment, TCO
> calculations etc, that suppose to help us all to reach a decision
> about "how much security" and "how much simplicity".
>
> But, we all know that gathering all relevant information and getting
> overall agreement about them and about the calculations of the
> risk\tco calculations is not "optimal" to say the least.
>
> I am also aware to the statement : "simple design is also a secured
> design".
>
> But, we all know that in real life the security folks wants to add
> "just this extra layer (for security in depth)
[...]
> Don't get me wrong, I do understand that it's a valid concern, I just
> say that it's not always will be in line with the "simple" design
> tenet.
>
> Now, let's say that after all the technical discussions the two
> inflamed opponents are in front of us (kind of real life situation.).
>
> I would like to ask your opinion in the following way:
>
> Let say that you are the manager who have to say one statement (kind
> of a bottom line):
>    "Design that system according to the simplicity principal"
>    or
>    "Design that system according to the security principal"
>
> I would humbly ask for an answer in a "managerial style":
>    first : what will be that bottom line.
>    second: (kind of appendix.) any explanation that you wish to add.

I don't believe the simple answer you seem to be looking for actually
exists. Security doesn't have any value in itself. Its sole purpose is
to protect you from losing your assets. Therefore I'm opposed to
implementing security measures "just because". Identify your assets.
Identify attack vectors that pose a threat to them. Implement measures
to mitigate these attack vectors.

I'd always recommend using as much security as necessary to effectively
protect your assets, but not a single bit more. How much that is depends
on the situation. What's "secure enough" for one company may be totally
insufficient for another one. However, simplified configuration is
always less prone to security breaches due to mistakes. Also keep in
mind that eventually there will be a "new guy" who hasn't been involved
in the development of your security system. The more complicated your
setup is, the more time and skill is required to understand and handle
it.

Regards
Ansgar Wiechers
-- 
"The Mac OS X kernel should never panic because, when it does, it
seriously inconveniences the user."
--http://developer.apple.com/technotes/tn2004/tn2118.html

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most 
concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain 
a laser like insight into what is covered on the exam, with zero fluff! 

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------