Essay sample

What Weaknesses Did the Attacker Exploit in “How to Think About Security”?

Free ideas for

Cyber Security also called computer security and IT security, is the assurance of data from theft or any harm to the gadget, the product and information stored on hardware

It incorporates controlling physical access to the equipment and additionally ensuring against code or data injection or via network access. The field is of developing significance because of the expanding dependence of PC frameworks in most societies. Computer frameworks now incorporate a wide assortment of "keen" gadgets, including cell phones, TVs and little gadgets as a major aspect of the Internet of Things – and systems incorporate the Internet and private information systems, as well as Bluetooth, Wi-Fi and different remote system.

Free ideas for

The digital security industry is in desperate need of perceptual shift. Countermea- sures are sold as ways to avoid threats. Good encryption is sold as a way to prevent eavesdropping. A good firewall is marketed as a way to prevent network attacks. PKI is sold as trust management, so you can avoid mistakenly trusting people you really don't. And so on. This type of thinking is completely backward. Security is old, older than computers. And the old-guard security industry thinks of countermeasures as ways to avoid risk. This distinction is enormous. Avoiding threats is black and white: either you avoid the threat, or you don't. Avoiding risk is continuous: there is some amount of risk you can accept, and some amount you can't. Security processes are how you avoid risk. Just as businesses use the processes of double-entry bookkeeping, businesses need to use a series of security processes to protect their networks. Security processes are not a replacement for products. Rather, they're a way of using security products effectively. They're a way to mitigate the risks. Network security products will have flaws; processes are necessary to catch attackers exploiting those flaws, and to fix the flaws once they become public. Insider attacks will occur; processes are necessary to detect the attacks, repair the damages and prosecute the attackers. Large systemwide flaws will compromise entire products and services (think digital cellphones, Microsoft Windows NT password protocols or DVD); processes are necessary to recover from the compromise and stay in business. Microsoft also knows that real security is not cost-effective. They get whacked with a new security vulnerability several times a week. They fix the ones they can, write misleading press releases about the ones they can't, and wait for the press fervor to die down (which it always does)

And six months later, they issue the next software version with new features and all sorts of new insecurities, because users prefer cool features to security.

Free ideas for

The best example is in the Web domain where developers often assume that the browser will protect their servers by restricting what users can do. Yet, browsers exist on client machines and are out of our control (D.R

Krathwohl). Proxies, scripts, and techniques such as forceful browsing (visiting pages by entering URLs directly rather than following the Web site’s navigation links) are proof that browsers can’t be trusted. In every system, we must understand what’s expected and what’s guaranteed. We can expect a browser’s JavaScript implementation to conclude that 1+1=2, but we can’t guarantee it, and we certainly can’t rely on it for any security-related decision. Sure, most users are legitimate, and hacks are rare events. But it takes just one malicious user to bring a system down or exploit it in a way that ensures that it’s never trusted again. The assumptions we make about our users require a little bit of paranoia. Trust can’t be assumed; it must be enforced. As if user unpredictability weren’t problem enough, developers also have to tangle with the unpredictability of the environments in which their applications reside (B.S. Bloom, 1956). Given the vast environmental variations that our software might encounter, we have to anticipate how an application will react in different scenarios. Expecting the unexpected isn’t just about adversarial users but also about hostile environments.

Free ideas for

By and large, cybersecurity is proving to be a major crime in the US. Alongside terrorism cybercrime is the major threat facing the U.S today. Hackers are stealing important information from Fortune 500 firms apart from breaking into government networks. This calls for a proactive approach to control cybercrime

The lack of consensus among industry players and legislators in the management of cybercrime is a worrying trend. The acts need to be passed to help manage the cyber space. Innovative research and programs need to be carried out to ensure pragmatic solutions to the dynamic cyber threats.

Free ideas for

B.S. Bloom, Taxonomy of Educational Objectives, Handbook I: The Cognitive Domain, David McKay Co., 1956.

D.R. Krathwohl, B.S. Bloom, and B.M. Bertram, Taxonomy of Educational Objectives, the Classification of Educational Goals. Handbook II

Was this essay example useful for you?

Do you need extra help?

Order unique essay written for you
ORDER NOW
755
Words
2
References
essay statistic graph
Topic Popularity
ORDER ESSAY