Default to No
While recently studying for my CISSP exam (more on that at a later date, perhaps), I came across a simple yet oft-forgotten way of “adding” security, namely “Default to No”.
Any good CISSP book will tell you that traditionally “Default to No” was applied to access control. When access is not explicitly allowed, it is implicitly denied.
Let's take a look at how this kind of thinking could be applied to Internet facing applications:
- Allow external access to the Administrator Interface? No.
- Default Administrator password? No.
- Give external users incredibly verbose error pages? No.
- Multiple sample set-ups with masses of functionality and user accounts, which, in order to be removed, require the customer to trawl through the entire user manual? Please, no!
As some developers might point out, in some instances it is very straightforward to disable, for example, external access to the administrator interface. This usually demonstrates that care has gone into the user interface. Now, if it is trivial to enable or disable external administrator access, why don't developers help protect their customers by initially setting such values to “No”?
While looking for some supporting arguments, I stumbled across an opposing view, entitled “Default to Trusting”. (Worth checking out if you have a few minutes to spare.) The writer supported his own argument by stating that a well-known programmer named Richard Stallman had encouraged the use of open, password-less systems in an interview. What he failed to mention, however, is that Stallman clarified this by saying: “Security might make sense with banks and military facilities, but in a computer lab, that is a sign of a social breakdown.” Social breakdown? That sounds like a remarkably apt description for the Internet.
After so many years you would think that developers, particularly those of web applications, would have come to realise that their applications are now "in the wild". Alas, no. Security continues, for the most part, to lurk in the depths of developers' minds ... and that keeps us very busy indeed :).
