Network devices face unending dangers

Subject: Network devices face unending dangers
From: Gary Stoneburner <gary.stoneburner@nist.gov>
Date: Wed, 04 Aug 2004 14:03:44 -0400
Content-Type: multipart/alternative; boundary="=====================_75700875==.ALT"

re: http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci996813,00.html

"Speaking at the Burton Group Catalyst Conference last week, Daniel Golding, a senior analyst with the Midvale, Utah-based firm, explained that the "smarter" a device is, the harder it is to secure."

Seems I have heard this before :-) - NIST Special Publication 800-27A, Engineering Principles for Information Technology Security (A Baseline for Achieving Security), http://csrc.nist.gov/publications/nistpubs/800-27A/SP800-27-RevA.pdf -

"Principle 24 Strive for simplicity. The more complex the mechanism, the more likely it may possess exploitable flaws. Simple mechanisms tend to have fewer exploitable flaws ..."

Cheers,
Gary

************************************************************************** * Opinions expressed are not intended to reflect an official position ************************************************************************** * Gary Stoneburner
* Computer Security Division, National Institute of Standards & Technology
* 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899-8930
* Phone: 301-975-5394, FAX: 301-948-0279, Email: Stoneburner@nist.gov
* http://csrc.nist.gov/staff/stoneburner/gshome.html
**************************************************************************

Prev by Date: Some realism from CNSS
Next by Date: Multiple critical flaws identified in Oracle
Prev by thread: Multiple critical flaws identified in Oracle
Next by thread: Some realism from CNSS

Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov