To understand the technical security risks of a system, architects and designers need to understand the nature of these risks in order to better prevent them. The general nature of risks in our systems can be categorized into the following major areas:
Improperly configured systems
Poor authentication (that is, insufficient password requirements)
Lack of encryption in network traffic
The primary reason that any given part of a system is a security risk is improperly configured or buggy software. An improperly configured system or a system with a bug opens a security hole that can be exploited. One of the most famous security breaches has been chronicled by Clifford Stoll in his book The Cuckoo's Egg, in which he describes ...