Security from First Principles

by Craig Jackson, Scott Russell, Susan Sons
October 2017
Beginner
60 pages
1h 9m
English
O'Reilly Media, Inc.
Content preview from Security from First Principles

Chapter 5. Compartmentation

We shape our buildings; thereafter they shape us.

Winston Churchill

The Principle: Isolate system elements and enable and control the interactions essential for their intended purpose.

Key Question: Is this made of distinct parts with limited interactions?

Related Concepts: Modularity, Forward Secrecy, Least Privilege, Air Gapping, Cryptography

Compartmentation is the Principle of breaking apart our interconnected world; it is about building systems in isolation, and defining and controlling the ways in which they interact with one another. Compartmentation is where we ensure that the architecture of systems facilitates security, both now and in the future.

Too often, security is viewed (even by security experts) as an add-on—armor that you bolt onto the outside of existing systems to manage their vulnerabilities. By accepting this role, we acquiesce to insecurity that could be prevented or fixed at the architectural level. The most robust security is built into the very architecture of systems.

Rather than allow systems to operate as tangled messes of interconnectivity, Compartmentation teaches us to build systems that are defined, discrete, and limited. We shouldn’t only view the world in terms of “we need a lock on that door;” sometimes, we need to say “we don’t even need a door here.” And if you need something, maybe all you need is a mousehole, or a paper-slot, or a peep hole. The world of information security needs fewer bouncers with ever-growing ...

ISBN: 9781491996911