Security

From MgmtWiki

Full Title or Meme

For the purposes of Identity Management Security applies to authorizing access only to the legitimately identified user and protection of User Private Information.

Context

  • Security in computer science covers a broad range of topics, like Availability that are not addressed in this wiki.
  • While some security experts might feel that, in theory, Privacy is a part of security, in practice security and privacy are often at odds and need to be addressed as separate issues by separate sets of proponents.

Problem

  • Security is not a feature of the internet; it is an add-on. Even current development efforts like OAuth 2.0 and OpenID Connect are successful not because they are secure, but because developers like the freedom they offer. For details on that see the page Bearer Tokens Considered Harmful.
  • Study Shows Programmers Will Take the Easy Way Out and Not Implement Proper Password Security. (2019-03-09) "Researchers at the University of Bonn in Germany have found that developers tend to write code that stores user passwords in an unsafe manner, because that is easier than creating a more secure product. The researchers conducted an experiment involving 43 programmers hired via the Freelancer.com platform, and found that developers need to be explicitly told to write code that stores passwords in a safe, secure manner. The researchers asked the participants to use technologies such as Java, JSF, Hibernate, and PostgreSQL to create the user registration component of a website. Only 15 of the 43 developers chose to implement salting, a process through which the encrypted password stored inside an application's database is made harder to crack with the addition of a random data factor. In addition, 17 of the 43 developers copied their code from Internet sites, suggesting freelancers did not have the necessary skills to develop a secure system from scratch."
  • The above quote is far too optimistic. The number of programmers with the "necessary skills to develop a secure system from scratch" is exceedingly small. The average programmer needs to start with a solution architecture that fully encompasses the necessary security. Unfortunately most programmers do not understand the complexity of good security and decide to add it in later, after they have demonstrated a successful product. That day typically does not come until after the product, already in the hands of end users, has been compromised.
  • Sometimes what seem like good security and reliability features can interact in ways that make recovery very difficult. This happened to Maersk when they were attacked by ransomware and to Facebook when they bungled a BGP update. More details about their failure are at: https://lnkd.in/eUBsVp3e. TL;DR:
  1. they were doing some network maintenance and gave an incorrect instruction that disconnected their main data centers from the Net;
  2. then their DNS servers all had this safety mechanism of disconnecting when they can't connect to the data center, which makes sense if only one/few of the DNS servers are disconnected, but due to (1) this happened for _all_ their DNS servers, so they all disconnected (by withdrawing their BGP announcements, hoping traffic would find its way to one of the other DNS servers due to the use of Anycast);
  3. when they realized what happened and tried to fix it, they found they couldn't connect to these servers since the only connection was via the (disconnected) Net, so they had to send people there _physically_;
  4. this was not easy since these servers are often far away and, since they have heavy security defenses, it took time to get through...
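The salting that most participants in the Bonn study skipped, shown as an added example (not code from the study, the wiki or any of the projects named above): the "easy way out" of a single unsalted fast hash next to a per-user salted PBKDF2 record with constant-time verification. The record format, iteration count and salt length are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters for this example; tune the iteration count to the
# hardware the service actually runs on.
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16


def weak_store(password: str) -> str:
    """The shortcut the study observed: one unsalted, fast hash.
    Every user with the same password gets the identical record, and a
    single precomputed dictionary attacks the whole table at once."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def store(password: str, salt: Optional[bytes] = None) -> str:
    """Salted, deliberately slow record: algo$iterations$salt_hex$digest_hex.
    A fresh random salt per user defeats precomputation and hides reuse."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute with the salt and iteration count stored in the record and
    compare in constant time so timing does not leak the digest."""
    try:
        algo, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def same_password_records_differ(password: str) -> bool:
    """Two registrations with the same password must produce distinct
    records that both still verify; the weak scheme fails this property."""
    a, b = store(password), store(password)
    return a != b and verify(password, a) and verify(password, b)


if __name__ == "__main__":
    pw = "correct horse"  # constructed sample password
    print("weak records identical:", weak_store(pw) == weak_store(pw))
    print("salted records differ:", same_password_records_differ(pw))
```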

Solutions

  • It isn't that security is impossibly hard; the problem is that programmers are paid to deliver solutions on time. Since there is never enough time, there will never be any impetus for a programmer to deliver a secure solution. They deliver solutions that let them get home in time for dinner.
  • The only security solution that works in a capitalist society is to convince the CEO that they will suffer if the product is not secure. See the wiki page on Conduct Risk.

References