Four ways to improve security |
| |
Authors: | Snow B |
| |
Affiliation: | US Nat. Security Agency, USA; |
| |
Abstract: | How can you tell if an IT security product (or a product that includes security components) can secure your application? How can you be certain that a product will fully deliver on its claims that it will protect against malice in a deployed environment? Unfortunately, few vendors - and even fewer customers - can make these judgments. The article won't make you a security wizard, but it will give you a feel for what to look for in, and when to be concerned about, a vendor's claims. To ensure that a product has a chance of being secure; customers should check that vendors use adequate approaches in four primary areas. In order of importance (and maturity and availability), they are: quality-control (QC) mechanisms; cryptographic primitives; hardware assist mechanisms; and separation mechanisms. |
| |
Keywords: | |
|
|