1. In complex situations, fall back on what you already know.
When you seek medical attention, you don’t, as a rule, want a radical doctor who’s offering a new and untested treatment. You want the same thing that cured the previous person. This is just one example of a principle that affects many areas of our lives. It doesn’t mean you must be conservative in the strictest sense, but you wouldn’t want to be the guinea pig for untested procedures either.
2. Attach the most importance to best-accepted standards.
If someone designed a totally new kind of parachute, you wouldn’t jump at the chance to try it out.
Airplane designers know what works and how it works. For the sake of flight safety, they don’t make random changes in design.
3. Newer systems are, by their nature, less secure than older ones.
Every change in how the system works, how it is used, and how it interacts with other systems has the potential to move the weakest link. Make one link more secure, and another suddenly becomes the weakest. In some instances where car theft was the issue, a device that made it difficult to turn ignition keys moved criminals’ modus operandi from the ignition switch to the driver, in carjackings.
4. It is not a good idea for a security system designed for one set of circumstances to be used for another.
The analysis that initially led people to believe the system was secure may not be valid in the new application. The new threats could overwhelm the existing order unless the responses are also dynamic. Wooden guardrails on roads might be good enough for cars chugging along at 30 mph, but they are useless in protecting a driver doing double that speed.
5. A chain is no stronger than its weakest link.
No matter how many strong links there are in it, a chain will break at its weakest link. Improve the strength of the weakest link and you improve the strength of the whole chain. A lot of security works the same way. If your house has two doors, the security of the house depends on the weaker door. If you can identify different methods to smuggle a gun onto an airplane, the security of the airplane depends on the easiest of the methods. Smart attackers are going to attack a system at its weakest point, and that is what a security system has to take into account.
6. Just as security is subjective, so is the weakest link.
If you think you have found the weakest link in a system, think again. Which weakest link did you find? The one for a petty criminal? The one for organized crime? The one for a terrorist? There might be one weakest link for an attacker who is willing to kill, and another for an attacker who is not.
7. Compartmentalize security.
Imagine a town’s residents building a common defensive wall around their homes. Each household is responsible for its own part of the wall, and all the parts connect to form a solid perimeter. Even if ninety-nine percent of the families build their sections tall and strong, their collective effort is undermined by just one family that builds its section short. Attackers can exploit that one section to attack the whole community. Compartmentalization, by contrast, means each household builds a wall around its own house only, so an attacker who climbs one wall gains access to only one building.
8. The best security systems don’t have single points of failure.
When one countermeasure fails, another countermeasure is there to confront the attacker. A dignitary who is protected only by a team of bodyguards has just one line of defense. If the dignitary also wears a bullet-proof vest and sits in a bullet-proof car, then security is layered and doesn’t have a single point of failure. Embezzlement is prevented if several people are in charge of the books and the books are audited regularly by still more independent people. Forgery-resistant credit cards work better when combined with online verification and a back-end computerized system that looks for suspicious spending patterns.
9. Defense in depth is standard military defensive doctrine.
A minefield by itself is not nearly as effective as a minefield covered by artillery fire. Armored units alone in a city are vulnerable, but armor together with dismounted infantry is much more effective. Ground and air forces work best together.
10. Create a choke point: the technique that complements defense in depth and compartmentalization.
A choke point is a defensive structure that forces people, goods, or data into a narrow channel, one that can be secured more easily. Think of the few border crossings between two unfriendly countries, and the huge line of people and cars waiting to go through them. As annoying as those lines are, it is easier to secure a few crossings than it would be to secure the same border with hundreds of different crossings. But choke points work only if there is no way to get around them. For instance, firewalls protecting computer networks are less effective if there are unprotected dial-up modem lines attached to computers inside the network. In a surprisingly common error, employees working from an unprotected home computer dial into a well-protected company network, instantly making the network as vulnerable as the home machine.
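The "no way around it" condition can be checked mechanically. The following is an added example, not part of the original text: it models a network as a graph and lists every protected asset that is still reachable from outside when the firewall is taken out of the picture. The topology and node names are constructed for illustration and mirror the dial-up scenario above.

```python
from collections import deque

# Constructed topology (hypothetical names). An edge A -> B means
# "A can initiate a connection to B".
NETWORK = {
    "internet": ["firewall", "home-pc"],
    "firewall": ["web-server", "file-server", "workstation-7"],
    "home-pc": ["modem-on-workstation-7"],          # unprotected dial-up line
    "modem-on-workstation-7": ["workstation-7"],
    "workstation-7": ["file-server"],
    "web-server": [],
    "file-server": [],
}
INTERNAL = {"web-server", "file-server", "workstation-7"}


def bypass_paths(graph, source, choke_point, protected):
    """Return {asset: path} for every protected asset reachable from
    `source` by a route that never traverses `choke_point`."""
    parent = {source: None}
    queue = deque([source])
    while queue:                      # breadth-first search, skipping the choke point
        node = queue.popleft()
        for nxt in graph.get(node, []):
            if nxt == choke_point or nxt in parent:
                continue
            parent[nxt] = node
            queue.append(nxt)
    found = {}
    for asset in sorted(protected):
        if asset in parent:           # reached without the choke point: a bypass
            path, cur = [], asset
            while cur is not None:
                path.append(cur)
                cur = parent[cur]
            found[asset] = path[::-1]
    return found


def without_edge(graph, src, dst):
    """Copy of the graph with one link removed (e.g. the modem unplugged)."""
    return {n: [m for m in nbrs if (n, m) != (src, dst)]
            for n, nbrs in graph.items()}


if __name__ == "__main__":
    for asset, path in bypass_paths(NETWORK, "internet", "firewall", INTERNAL).items():
        print(f"{asset}: reachable around the firewall via {' -> '.join(path)}")
```

An empty result means the firewall is a true choke point for the modeled links; any entry names a route that needs to be closed or brought behind it.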
(Inspired by Bruce Schneier’s writings)