Beyond Software Architecture: Creating and Sustaining Winning Solutions
Many of the same techniques used for transaction security can be adapted for information security, although they are far less effective. To understand information security, ask yourself the question, What if someone had open access to all my files and databases? If your data is encrypted, and you've stored the encryption keys in the database or in a file on the same system, the hacker has the keys to decrypt it. If your data is signed, the hacker can alter it, since he has the keys needed to sign it again after it is altered. You can, and should, store these keys outside the database or file system managed by the application, but this is an operations nightmare. In addition, other systems frequently want to manipulate these data, and encryption makes the data useless for this purpose. As a result, the primary approach to information security is not to protect the information once it's been accessed, but to prevent access to it in the first place. The main tools for doing this are network tools such as firewalls and intrusion detection software and user management tools such as password policy checkers.

Password security is an interesting area in itself. Many companies never store passwords in a database; instead, they run a digest algorithm over them and store only the digests. That means a hacker who steals the whole table does not get the passwords themselves, only their digests. It does not make the table worthless to him: a digest cannot be reversed, but it can be guessed at, by running the same digest function over likely passwords and comparing the results, so each stored digest should include a random per-user salt and be computed with a deliberately slow function to make that guessing expensive. Unfortunately, storing only digests also means that if a user loses a password the best you can do is generate a new one; you can't derive it from the result of the digest function any better than a hacker can. Many Web sites operate that way, especially the ones that ask you for a special question they can use to authenticate you should you lose your password and require a new one. Another technique is to store passwords on an internal system not reachable from the Internet, but only from the application server over the internal network. If a hacker is going to get passwords, he must first hack into the outer system and then use that as a way to get at the inner system. Intrusion detection systems can often foil such attempts.

One of the common things we think of in information security is theft. In the digital world, information theft boils down to illegally copying bits from one computer to another. This may not be your most serious threat. Semantic attacks, in which hackers alter data stored in a database to gain an advantage, are on the increase. For some reason, these attacks seem less harmful, perhaps because Hollywood has created too many cute movies in which the nerdy hacker changes his grades. When that nerdy hacker is changing bank accounts, altering credit histories, or changing voting records, things aren't so funny. Information security should guide your system architecture, but don't attempt to write your own tools; there are many excellent ones already available for that.
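The digest-only password store discussed above, as an added example that is not from the book (Python, standard library only; the word list and the passwords are constructed for the demonstration, and the `algorithm$iterations$salt$digest` record layout is a format chosen here for illustration, not a standard). It shows why "the passwords themselves aren't there" is only half the story: an unsalted digest of a weak password falls to a small offline dictionary attack immediately, while the salted, deliberately slow variant beside it still verifies logins correctly and makes the same attack cost a full key derivation per guess, per record.

```python
import hashlib
import hmac
import os
from typing import Iterable, Optional

# Constructed word list standing in for an attacker's dictionary of common passwords.
WORDLIST = ["letmein", "password", "hunter2", "correcthorse"]


def naive_digest(password: str) -> str:
    """The scheme the text describes: store only SHA-256(password).

    Nothing here can be reversed, but anyone holding the digest can test
    candidate passwords at the full speed of the hash function, and identical
    passwords produce identical digests across every user and every site.
    """
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def crack_naive(digest: str, wordlist: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack against an unsalted digest."""
    for candidate in wordlist:
        if hmac.compare_digest(naive_digest(candidate), digest):
            return candidate
    return None


# Iteration count is the cost knob; it is stored with each record so it can be raised later.
ITERATIONS = 200_000


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Salted, deliberately slow digest (PBKDF2-HMAC-SHA256).

    The record carries everything verification needs, in a layout chosen for
    this example (hypothetical, not a standard): algorithm$iterations$salt$digest.
    """
    if salt is None:
        salt = os.urandom(16)          # fresh random salt per record
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(stored: str, password: str) -> bool:
    """Recompute from the stored parameters; constant-time compare of the digests."""
    algorithm, iterations, salt_hex, dk_hex = stored.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


def crack_salted(stored: str, wordlist: Iterable[str]) -> Optional[str]:
    """The same dictionary attack against the salted record.

    It still succeeds against a weak password, but every guess costs
    `iterations` HMAC evaluations and must be repeated for each record,
    because the per-record salt makes identical passwords hash differently.
    """
    for candidate in wordlist:
        if verify_password(stored, candidate):
            return candidate
    return None


if __name__ == "__main__":
    leaked = naive_digest("hunter2")          # what the naive table holds for this user
    print("naive digest cracked:", crack_naive(leaked, WORDLIST))
    record = hash_password("hunter2")
    print("login with right password:", verify_password(record, "hunter2"))
    print("login with wrong password:", verify_password(record, "hunter3"))
    print("salted record cracked (slowly):", crack_salted(record, WORDLIST))
```

PBKDF2 is used only because it ships with the standard library; a memory-hard function such as scrypt (`hashlib.scrypt`) or Argon2id is the better choice for new systems. Note that neither scheme rescues a weak password: the salt and the slow function buy time per guess and per record, which is exactly why the book's password policy checkers belong beside the digest store rather than in place of it.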