Chapter 14

PUTTING IT ALL TOGETHER

OVERVIEW

The previous chapters have presented a variety of hardware-based computer-security technologies that can play important roles in protecting information-technology (IT) systems. This final chapter presents a method to make informed decisions about which technologies should be employed in order to produce the most secure system for a given user environment. This method is applied to two example environments:

• A maximum-security environment where the contents of the computer, its authenticity, and the authenticity of the user take priority over anonymity
• A computer system that is designed to provide maximum possible security while maintaining user anonymity where possible

There are many intermediate security environments (such as one that minimizes user interaction or inconvenience) that are not addressed here, but the process described below should remain the same.

THE CHECKLIST

The more layers of strong protection that are employed by a system, the more difficult it will be to break into that system. Unlike “security by obscurity,” which does not work, defense by adding multiple layers of security (also called “defense in depth”) does work. The fact is that the more security layers that must be overcome before a hacker can gain access to critical information, the more difficult the execution of a successful attack becomes. The question is: which layers should be added for a specific protection environment?

The configuration of any system ...