Building Internet Firewalls

Building Internet FirewallsSearch this book
Previous: 3.7 Diversity of DefenseChapter 3
Security Strategies		Next: II. Building Firewalls
 

3.8 Simplicity

Simplicity is a security strategy for two reasons. First, keeping things simple makes them easier to understand; if you don't understand something, you can't really know whether or not it's secure. Second, complexity provides nooks and crannies for all sorts of things to hide in; it's easier to secure a studio apartment than a mansion.

Complex programs have more bugs, any of which may be security problems. Even if bugs aren't in and of themselves security problems, once people start to expect a given system to behave erratically, they'll accept almost anything from it, which kills any hope of their recognizing and reporting security problems with it when these problems do arise.

Previous: 3.7 Diversity of DefenseBuilding Internet FirewallsNext: II. Building Firewalls
3.7 Diversity of DefenseBook IndexII. Building Firewalls

[ Library Home | DNS & BIND | TCP/IP | sendmail | sendmail Reference | Firewalls | Practical Security ]