Mod 6 Flashcards
(19 cards)
List 4 Security System Design principles
Avoid Security by Obscurity
Defense in Depth
Establish Secure Defaults
Fail Securely
Define Fail Securely
Security controls should be designed to fail until they are proven valid. When a security control does fail, it should place the system in a secure state.
Define Establish Secure Defaults
Never rely on someone needing to configure or enable security
Define Defense in Depth
Don’t rely on a single security method to protect everything
Define Avoid Security by Obscurity
Don’t rely on secrecy as your security
Define Economy of Mechanism
Keep security simple
Define Complete Mediation
Every access point to every object must be checked before allowing access
Define Open Design
Security design should be open, not kept secret, to be analyzed by the community
Define Least Common Mechanism
Minimize the number of mechanisms that are common to more than one user
Define Psychological Acceptability
User interface is easy to use
Define Fail-Safe Defaults
If an action fails, the system is still secure by default
List 6 Security Software Design principles
Complete Mediation
Economy of Mechanism
Fail-Safe Defaults
Least Common Mechanism
Open Design
Psychological Acceptability
List 4 principles for System and Software
Don’t Trust Services
Fix Security Issues Correctly
Keep Security Simple
Minimize Attack Surfaces
List 2 ways to minimize attack surface
Minimize the number of open ports
Minimize the number of ways to have input
Define architectural pattern
a set of architectural design decisions applicable to a recurring problem
Define architectural style
a fundamental structural organization schema for software systems
Define design pattern
a catalog of low-level structural and process arrangements in code
(T/F) Data Flow Diagrams are UML.
False
List the 6 properties needed to validate a security requirement
Authentication
Integrity
Nonrepudiation
Confidentiality
Availability
Authorization