Gday Marc
Quote:
|
Well designed distributed systems work very well.
|
Until someone wants to do something you havent thought of
ie Stuxnet is the best one so far, but im sure there's lots more we havent been told about.
Quote:
|
Low level developers don't usually get too "creative" about security. They know what they're doing given the parameters to work with. Or just told what to do. The problem is communication between dpt.
|
I think its actually worse than that. The designers specify
what they want, but dont/cant specify what its not allowed to do, esp when being transmitted "between" departments that arent part of a self contained organisation.
After writing and testing systems for many years, i always learnt that doing what the spec said is only 10% of the work.
Preventing it being "deliberately" abused is a far bigger problem and costs a lot more money. I dont trust our pollies to get the first bit right yet, and hold no hope of them making it secure from deliberate attacks, as they will baulk at the cost alone.
ie in one place i worked, wireless and thumb drives were banned
All comms cables had to be laid in clear plastic tubes so a clear visual inspection could be done at any time, etc etc.
Thats not cheap.
Andrew