Trying to build an efficient and secure system is a hard task and no exact method or technique has been developed allowing computer experts to submit a software or a system for security check and have exact results whether the system can be trusted or secure enough. Important companies have used a lot of critical system for long time, government or military agencies before a breach in security is discovered either by internal employees or external attackers and it can result in some very important and disastrous consequences. It is important to consider security from the earlier stage of software development, we’ve seen in the past module that the software development life cycle includes couple of phases in which we can review the risks and mitigations for this last. However, this is not enough, a continual monitoring and review of the software cannot be avoided.
The monitoring of systems can address different issues as performance, availability, security…etc. When we consider the security aspect of a computer system, we can easily compare or inspire from other systems as the threat models, where the main concern is to avoid unauthorised access to specific entities and ensure that only trusted parties get permissions to access or change some objects. The burglar alarm systems have been used for a while before breaking for three main reasons (backdoor, defeated sensors DoS attack) (Bacon, 2001).
Similarly we can project and discuss how we can avoid such security issues for our computer systems.
– Backdoors: generally another way to access or get into the system, it can be throw corrupting the communications or the source code of the system. In the object oriented analysis and design, I was particularly attracted by the encapsulation principle, which allows the developers to hide the inner complexion and implementation of classes and present the different methods and properties in a nice and clear way. The encapsulation concept can be used for both simplifying development and security. The other application of backdoor attack is throw the communications. Systems should make sure that they open the minimum number of ports and communications are encrypted.
– Defeated sensors: if the security mechanism has not been properly configured and installed and the attackers know how to defeat the sensor (hash code, impersonation, serial …etc.) the security of the system is promised (Albino & Kusek, 2009).
– A denial of service, is one of the most known attacks, systems now should be designed to prevent a denial of service attack, by either filtering the incoming messages or requests and have some kind of cache for the outstanding queries.
Even with all these technique and those described related to the coding part of the system, we can hardly assure that the system has an acceptable level of security, unfortunately, in most cases security breaches are discovered late.
– Francis Bacon (2001). Monitoring Systems. University of Cambridge Press. Available at: http://www.cl.cam.ac.uk/~rja14/Papers/SE-10.pdf
– Marelize Görgens-Albino, Jody Zall Kusek (2009). Making Monitoring and Evaluation Systems Work: A Capacity Development Toolkit. World Bank Publications, 2009. ISBN: 0821381873