The previous chapters have presented a variety of hardware-based computer-security technologies that can play important roles in protecting information-technology (IT) systems. This final chapter presents a method to make informed decisions about which technologies should be employed in order to produce the most secure system for a given user environment. This method is applied to two example environments:
There are many intermediate security environments (such as one that minimizes user interaction or inconvenience) that are not addressed here, but the process described below should remain the same.
The more layers of strong protection that are employed by a system, the more difficult it will be to break into that system. Unlike “security by obscurity,” which does not work, defense by adding multiple layers of security (also called “defense in depth”) does work. The fact is that the more security layers that must be overcome before a hacker can gain access to critical information, the more difficult the execution of a successful attack becomes. The question is: which layers should be added for a specific protection environment?
The configuration of any system ...