Perfect Security


Perfect Security does NOT exist.

There is this idea that there is some system where you want to let in some Entities that are Authorized and not let in other Entities that are Unauthorized. In this system, you will always have to trust some entity in some way, and these people may still be able to attack your system.

What do we mean by Secure System?#

A System is Secure when it provides a sufficient level of Security to protect the Resources against some Threat Model.

Most Organizations protect their Network with a firewall, but many of the really harmful attacks are performed by Internal Attackers, and a firewall does NOT protect against insiders. A firewall will NOT protect against a malicious employee. This is a mismatch in the Threat Model.

Some items. like Digital Rights Management (DRM) are impossible to protect. An Attacker could always take a Photograph of a computer screen or record an Audio. Be sure to include these attacks in the Threat Model.

Weakest Link Property#

A security system is only as strong as its weakest link.

More Information#

There might be more information for this subject on one of the following: