xi ;;Quote: cryptography cannot protect us with mathematics; it cannot keep our secrets safe, nor protect our electronic interactions
|
xi ;;Quote: palpable, useful security involves people -- things people know, relationships between people, and how people relate to machines; while digital security involves complex, unstable computers
|
8 ;;Quote: good security encompasses prevention, detection, and reaction; e.g., a vault with alarms and the threat of arrest
|
8+;;Quote: digital security relies on prevention while ignoring detection, response, and auditing
|
73 ;;Quote: authentication, integrity, and accuracy differ; authentication concerns the origin of data (e.g., who signed) while integrity concerns the validity of data (e.g., was there tampering); accuracy concerns the correspondence between data and reality
|
126 ;;Quote: multilevel security and mandatory access control concentrate on confidentiality; they assume that classifications are fixed and well known; they may deny legitimate access
|
130 ;;Quote: covert channels easily leak a cryptographic key; created through a shared resource such as white space
|
133 ;;Quote: a secure OS needs mandatory security, controlled by a policy administrator, that enforces who has access to data and its encryption
|
133+;;Quote: a secure OS needs a trusted path to trusted software that cannot be impersonated; is a login screen valid?
|
136 ;;Quote: authentication depends on something you know (password), something you are (biometrics), and/or something you have (access token)
|
147 ;;Quote: use a two-part password, a long password on a slip of paper and a short one memorized
|
147 ;;Quote: one-time passwords written down as a list; store the list securely
|
148 ;;Quote: Kerberos issues a ticket to log into a server and a session key; the server authenticates the ticket and an authenticator built from the session key and the requestor's long-term key
|
163 ;;Quote: code signing does not make sense; is a signer trusted? are signed components safe? to what degree is it safe? where is the evidence stored?
|
163+;;Quote: storing the evidence of an attack on the computer under attack is mostly useless
|
168 ;;Quote: SSL establishes a secure connection between a browser and an unknown SSL server; users ought to check the SSL certificate that identifies the server
|
225 ;;Quote: a digital signature does not convey the signer's intentions; did she read and understand the document?; it is not a signature
|
303 ;;Quote: first, define the threat model and risks; second, create a security policy; third, design the countermeasures that enforce the policy
|
315 ;;Quote: a smart card is secure within itself, while a magnetic strip card reveals its signing key to any reader
|
318 ;;Quote: an attack tree is an AND/OR threat model; OR nodes are alternative attacks, AND nodes are steps to implement the attack
|
318+;;Quote: evaluate a system's vulnerabilities by propagating leaf nodes to the attack tree's root; e.g., PGP
|
344 ;;Quote: functional testing does not identify security flaws; need public, expert evaluation
|
361 ;;Quote: secure systems should be as simple as possible; complexity is the worst enemy of security
|
367 ;;Quote: compartmentalize security; limit damage from a successful attack; e.g., door keys, user accounts, encrypted files
|
368 ;;Quote: security by least privilege; give only those privileges needed to accomplish the task
|
369 ;;Quote: secure the weakest link in the attack tree; look at the entire vulnerability landscape
|
369 ;;Quote: a choke point forces users into a narrow channel for easier monitoring and control; e.g., turnstiles, checkout lanes, doors, firewalls, routers, fraud detectors
|
370 ;;Quote: improved security through defense in depth; e.g., door locks, window alarms, and motion sensors
|
370 ;;Quote: systems should fail securely, i.e., fail-safe; if a firewall crashes, it should not let in any packets
|
371 ;;Quote: a defender has knowledge of the terrain; keep it obscure; leverage unpredictability in security systems
|
373 ;;Quote: security is a lot easier if you assume trusted and intelligent users; for the most part, insiders are your allies
|
373 ;;Quote: the goal of security is assurance that our systems possess only the properties that we want; assurance that systems work properly
|
373 ;;Quote: constantly question security; question your assumptions; question your decisions; trust no one, especially yourself
|
374 ;;Quote: modern society does not prevent crime; it detects crime after the fact
|
374+;;Quote: detect intruders in close to real time, while they are still engaged in the attack
|
375 ;;Quote: understand the attack and what it means; detect, localize, identify, assess
|
376 ;;Quote: respond to attacks, otherwise detection is a waste
|
376 ;;Quote: produce audit logs that are admissible in court, prove guilt, and do not contain secrets
|
378 ;;Quote: be vigilant; for detection and response to be effective, they must always work; be prepared for an attack
|
379 ;;Quote: for good security, watch the watchers; e.g., banks and casinos
|
380 ;;Quote: recover quickly from attacks; preventative countermeasures fail all the time; field upgrades
|