Beyond Fear: Thinking Sensibly About Security in an Uncertain World. by Bruce Schneier

Author:Bruce Schneier [Schneier, Bruce]
Language: eng
Format: epub
Published: 2011-04-20T12:58:00+00:00

The ideal of any security system is to prevent an attack, but prevention is the hardest aspect of security to implement, and often the most expensive. To be practical as well as effective, almost all modern security systems combine prevention with detection and response, forming a triad that operates as an integrated system to provide dynamic security, resilient failure, and defense in depth. Audits (retrospective detection) and prediction (prospective attempts at detection) don't produce the decisive real-time results that most people associate with security systems, but are extremely important in evaluating and thinking about ways to improve security systems.

Built in 1936, the U.S. Bullion Depository at Fort Knox consists of 16,000 cubic feet of granite, 4,200 cubic yards of concrete, 750 tons of reinforcing steel, and 670 tons of structural steel. The outer wall of the depository is constructed of granite and lined with concrete. Inside is a two-level steel-and-concrete vault with a 20-ton door. The vault casing is constructed of steel plates, steel I-beams, and steel cylinders laced with hoop bands and encased in concrete. The vault's roof is of similar construction and is independent of the depository's roof.

A barrier is the simplest countermeasure. It's a wall, a box, an envelope, or a mountain range. It's something that prevents the attacker from getting to the assets behind it, and it can be an excellent defense. Soldiers in concrete bunkers are harder to kill. Gold stored in Fort Knox is harder to steal. Moats made it harder to attack castles. Skin protects the body. A turtle's shell makes it harder for a predator to bite. The Three Little Pigs didn't sally out to tangle with the wolf; they stayed within their houses. (They did, however, learn valuable lessons about the relative effectiveness of straw, sticks, and bricks as preventive barriers.) Satellites are protected by another type of barrier: miles and miles of difficult-to-travel-in, impossible-to-breathe-in space. Prevention is the first and foremost role of any barrier.

Prevention is passive; it works all the time without anyone having to do anything. Unlike guards, who have to remain alert during their shifts and are relieved afterward, walls are simply there. And not all preventive countermeasures are physical barriers. Photocopy machines are built to include all sorts of technologies to prevent various currencies from being copied properly. Computer software is sold with embedded countermeasures, in the form of hidden codes, to prevent the software from being copied.

Prevention is what everyone thinks about first, but it's actually the hardest aspect of security to implement successfully, and often the most expensive. Suppose you run a company and you want to prevent your key executives from getting kidnapped when they travel to dangerous countries. You can house them in fortress-like hotels. You can hire armored cars for them to travel around in. You can hire bodyguards, working in round-the-clock shifts. You can do all of these things and more, but if a guerrilla army wants to kidnap your key executives, they'll still be able to do so. You can make it harder for the kidnappers, but you can't stop them totally.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.