WWW:Beyond the Basics

14 Java Security

14.2 Security Issues

14.2.2 Common Security Problems

Risk Avoidance

The most common security fallacy is that the goal of security is to eliminate all risk and vulnerabilities from a system. This is an unrealistic goal. A company with a "zero tolerance" approach will not survive on the internet. As discussed in the previous section, there is a trade-off between cost and achieving security to a certain degree.

Piecemeal Security

Piecemeal security is the tendency to look at small pieces of a system or network in isolation from the system as a whole. Since computer networks are extremely complex, examining the individual aspects of the system in isolation is of little value. Piecemeal security often results when several departments are responsible for different aspects of security. If these departments do not work closely together, each can set policies without regard for how those policies affect security as a whole. This can create vulnerabilities at the borders.

Steel Doors and Grass Huts

A flaw found in a new technology often prompts an organization to expend great effort patching the vulnerability, without first checking to see if this same vulnerability exists, undetected, in existing systems. Like steel doors on a grass hut, these patches, produced at great expense, close one possible hole but do little to increase the security of the system as a whole.

One of the most important parts of the security process is staying informed. New attacks and vulnerabilities of computer and network systems are found regularly.

Copyright © 1996 Virginia Polytechnic Institute & State University
All Rights Reserved

Vijay Sureshkumar <vijay@csgrad.cs.vt.edu>
Last modified: Sun Oct 20 21:52:09 1996