| Can Easy To Use Software Also Be Secure | | | | have sadly resulted in a fatal outcome. Why are things |
| --------------------- | | | | like this missed? Are they just not on the radar screen |
| Anyone who has been working with computers for a | | | | because all the other complexities of the system |
| long time will have noticed that mainstream operating | | | | demand so much attention? There are million different |
| systems and applications have become easier to use | | | | variables I'm sure. The fact is, NASA scientists know |
| over the years (supposedly). Tasks that use to be | | | | they need to work on developing less complex |
| complex procedures and required experienced | | | | systems to achieve their objectives.This same principal |
| professional to do can now be done at the push of a | | | | of reducing complexity to increase security, |
| button. For instance, setting up an Active Directory | | | | performance, and decrease failures really does apply |
| domain in Windows 2000 or higher can now be done | | | | to the world of computers and networking. Ever time I |
| by a wizard leading even the most novice technical | | | | here associates of mine talk about incredibly complex |
| person to believe they can "securely" setup the | | | | systems they design for clients and how hard they |
| operating environment. This is actually quite far from | | | | were to implement I cringe. How in the world are |
| the truth. Half the time this procedure fails because | | | | people suppose to cost effectively and reliably |
| DNS does not configure properly or security | | | | manage such things. In some cases it's almost |
| permissions are relaxed because the end user cannot | | | | impossible. Just ask any organization how many |
| perform a specific function.If It's Easy To Develop, Is It | | | | versions or different brands of intrusion detection |
| Also Secure | | | | systems they have been through. As them how many |
| --------------------- | | | | times the have had infections by virus and malware |
| One of the reasons why operating systems and | | | | because of poorly developed software or applications. |
| applications "appear" to be easier to work with then | | | | Or, if they have ever had a breach in security because |
| they use to is developers have created procedures | | | | the developer of a specific system was driven by |
| and reusable objects to take care of all the complex | | | | ease of use and inadvertently put in place a piece of |
| tasks for you. For instance, back in the old days when | | | | helpful code that was also helpful to a hacker.Can I |
| I started as a developer using assembly language and | | | | Write A Document Without A Potential Security |
| c/c++, I had to write pretty much all the code myself. | | | | Problem Please |
| Now everything is visually driven, with millions of lines of | | | | --------------------- |
| code already written for you. All you have to do is | | | | Just a few days ago I was thinking about something |
| create the framework for your application and the | | | | as simple as Microsoft Word. I use MS-Word all the |
| development environment and compiler adds all the | | | | time, every day in fact. Do you know how powerful |
| other complex stuff for you. Who wrote this other | | | | this application really is? Microsoft Word can do all |
| code? How can you be sure it is secure. Basically, you | | | | kinds of complex tasks like math, algorithms, graphing, |
| have no idea and there is no easy way to answer this | | | | trend analysis, crazy font and graphic effects, link to |
| question.Secure Environments Don't Exist Well With | | | | external data including databases, and execute web |
| Complexity | | | | based functions.Do you know what I use it for, to write |
| --------------------- | | | | documents. nothing crazy or complex, at least most of |
| The reality is it may look easier on the surface but the | | | | the time. Wouldn't it be interesting that when you first |
| complexity of the backend software can be incredible. | | | | installed or configured Microsoft Word, there was an |
| And guess what, secure environments do not coexist | | | | option for installing only a bare bones version of the |
| well with complexity. This is one of the reasons there | | | | core product. I mean, really stripped down so there |
| are so many opportunities for hackers, viruses, and | | | | was not much to it. You can do this to a degree, but all |
| malware to attack your computers. How many bugs | | | | the shared application components are still there. |
| are in the Microsoft Operating System? I can almost | | | | Almost every computer I have compromised during |
| guarantee that no one really knows for sure, not even | | | | security assessments has had MS-Word installed on it. |
| Microsoft developers. However, I can tell you that | | | | I can't tell you how many times I have used this |
| there are thousands, if not hundreds of thousands of | | | | applications ability to do all kinds of complex tasks to |
| bugs, holes, and security weaknesses in mainstream | | | | compromise the system and other systems further. |
| systems and applications just waiting to be uncovered | | | | We'll leave the details of this for another article |
| and maliciously exploited.How Reliable and Secure are | | | | though.Conclusion |
| Complex Systems? | | | | --------------------- |
| --------------------- | | | | Here's the bottom line. The more complex systems |
| Let's draw a comparison between the world of | | | | get, typically in the name of ease of use for end users, |
| software and security with that of the space program. | | | | the more opportunity for failure, compromise, and |
| Scientists at NASA have know for years that the | | | | infection increases. There are ways of making things |
| space shuttle is one of the most complex systems in | | | | easy to use, perform well, and provide a wide variety |
| the world. With miles of wiring, incredible mechanical | | | | of function and still decrease complexity and maintain |
| functions, millions of lines of operating system and | | | | security. It just takes a little longer to develop and more |
| application code, and failsafe systems to protect | | | | thought of security. You might think that a large part of |
| failsafe systems, and even more failsafe systems to | | | | the blame for complex insecure software should fall |
| protect other systems. Systems like the space shuttle | | | | on the shoulders of the developers. But the reality is it |
| need to perform consistently, cost effectively, and | | | | is us, the end users and consumers that are partially to |
| have high Mean-Time-Between-Failure(MTBF).All in all | | | | blame. We want software that is bigger, faster, can do |
| the space shuttle has a good record. One thing it is not | | | | just about everything, and we want it fast. We don't |
| though is cost effective and consistent. Every time | | | | have time to wait for it to be developed in a secure |
| there is a launch different issues crop up that cause | | | | manner, do we?You may reprint or publish this article |
| delays. In a few circumstances, even the most basic | | | | free of charge as long as the bylines are included. |
| components of this complex system, like "O" rings, | | | | |