374   Chapter 14   Security engineering


Figure 14.3  Vulnerabilities associated with technology choices

Technology Choice                              Vulnerabilities
Login/Password Authentication                  Users set guessable passwords
                                               Authorized users reveal their passwords to unauthorized users
Client/Server Architecture Using Web Browser   Server subject to denial of service attack
                                               Confidential information may be left in browser cache
                                               Browser security loopholes lead to unauthorized access
Use of Editable Web Forms                      Fine-grain logging of changes is impossible
                                               Authorization can't be varied according to user's role


For a generic system, these design decisions are perfectly acceptable, but a life-cycle risk analysis reveals that they have associated vulnerabilities. Examples of possible vulnerabilities are shown in Figure 14.3.

Once vulnerabilities have been identified, you then have to decide what steps you can take to reduce the associated risks. This will often involve making decisions about additional system security requirements or about the operational process of using the system. I don't have space here to discuss all the requirements that might be proposed to address the inherent vulnerabilities, but some examples of requirements might be the following:


1.  A password checker program shall be made available and shall be run daily. User passwords that appear in the system dictionary shall be identified and users with weak passwords reported to system administrators.
2.  Access to the system shall only be allowed to client computers that have been approved and registered with the system administrators.
3.  All client computers shall have a single web browser installed as approved by system administrators.
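A proactive password checker of the kind requirement 1 calls for, written here as an added example (it is not code from the book): it normalizes a proposed password, compares it against a constructed stand-in for the system dictionary, and builds an administrators' report that names users with weak passwords rather than the passwords themselves. The dictionary contents, the substitution table and the minimum length are assumptions.

```python
import re

# Constructed stand-in for the "system dictionary" of the requirement;
# a real deployment would load a wordlist file instead.
SYSTEM_DICTIONARY = {"password", "welcome", "hospital", "secret", "letmein", "summer"}

# Assumed table of substitutions people use to disguise a dictionary word.
LEET_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s"})

MIN_LENGTH = 8  # assumed policy value


def normalize(password: str) -> set[str]:
    """Return the base words a dictionary check should compare against.

    Lower-cases, strips digits/punctuation at either end and undoes common
    character substitutions, so 'Summer2024!' and 'p@55w0rd' both map back
    to the dictionary words they are built from.
    """
    lowered = password.lower()
    stripped = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    return {lowered, stripped, stripped.translate(LEET_MAP), lowered.translate(LEET_MAP)}


def check_password(password: str, dictionary=SYSTEM_DICTIONARY) -> list[str]:
    """Run when a password is set; returns the reasons it is weak (empty = accepted)."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if any(word in dictionary for word in normalize(password)):
        reasons.append("based on a dictionary word")
    return reasons


def weak_password_report(set_requests, dictionary=SYSTEM_DICTIONARY) -> dict[str, list[str]]:
    """Administrators' report: user -> reasons, for weak passwords only.
    The passwords themselves are never written to the report."""
    report = {}
    for user, password in set_requests:
        reasons = check_password(password, dictionary)
        if reasons:
            report[user] = reasons
    return report


if __name__ == "__main__":
    # Constructed sample of password-set requests: (user, proposed password).
    requests = [("alice", "Summer2024!"), ("bob", "Xq7#vLp2rT9m"),
                ("carol", "p@55w0rd"), ("dave", "abc1")]
    for user, reasons in weak_password_report(requests).items():
        print(f"{user}: {', '.join(reasons)}")
```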

As an off-the-shelf system is used, it isn't possible to include a password checker in the application system itself, so a separate system must be used. Password checkers analyze the strength of user passwords when they are set up, and notify users if they have chosen weak passwords. Therefore, vulnerable passwords can be identified reasonably