During its deployment distribution and installation

This preview shows page 284 - 286 out of 342 pages.

We have textbook solutions for you!
The document you are viewing contains questions related to this textbook.
Network+ Guide to Networks
The document you are viewing contains questions related to this textbook.
Chapter A / Exercise 67
Network+ Guide to Networks
Dean/West
Expert Verified
during its deployment (distribution and installation): If those responsible for distributing the software fail to tamperproof the software before shipping or uploading, or transmit it over easily intercepted communications channels, they leave the software vulnerable to intentional or unintentional corruption. Similarly, if the software’s installer fails to “lock down” the host platform, or configures the software insecurely, the software is left vulnerable to access by attackers. during its operation : Once open source software has gone operational, vulnerabilities may be discovered and publicized; unless security patches and updates are applied and newer supported versions are adopted, such software will become increasingly vulnerable. Non-commercial software and open source software (OSS) may also be vulnerable, especially as it may manifest untrustworthy behaviors over time due to changes in its environment that stress the software in ways that were not anticipated and simulated during its testing. But even in highly controlled networks and “locked down” environments, the software may be threatened by malicious insiders (users, administrators, etc.). Both research and real-world experience indicate that correcting weaknesses and vulnerabilities as early as possible in the software’s life cycle is far more cost-effective over the lifetime of the software than developing and releasing frequent security patches for deployed software. The Challenge of Building Secure Software External faults that threaten the software’s dependable operation are seen as a security issue when (a) the faults result from malicious intent or (b) the faults, regardless of their cause, make the software vulnerable to threats to its security. According to Bruce Schneider in Beyond Fear, “Security is about preventing adverse consequences from the intentional and unwarranted actions of others.” To be considered secure, software must exhibit three properties:
We have textbook solutions for you!
The document you are viewing contains questions related to this textbook.
Network+ Guide to Networks
The document you are viewing contains questions related to this textbook.
Chapter A / Exercise 67
Network+ Guide to Networks
Dean/West
Expert Verified
Dependability : Dependable software executes predictably and operates correctly under all conditions, including hostile conditions, including when the software comes under attack or runs on a malicious host. Trustworthiness : Trustworthy software contains few if any vulnerabilities or weaknesses that can be intentionally exploited to subvert or sabotage the software’s dependability. In addition, to be considered trustworthy, the software must contain no malicious logic that causes it to behave in a malicious manner. Survivability (also referred to as “Resilience”): It is software that is resilient enough to (a) either resist or tolerate (i.e., continue operating dependably in spite of) most known attacks plus as many novel attacks as possible, and (b) recover as quickly as possible, and with as little damage as possible, from those attacks that it can neither resist nor tolerate (10).

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture