Your company decides to start the business of selling toys online and shipping globally. The E-Commerce system that supports the new business will be developed in-house. The development team is designing the software architecture that shall be secure, scalable, responsive, and easy to maintain to support global operations. Which of the following is the least appropriate?
A. Divide concerns into four layers but deploy the solution in three tiers
B. Follow open design and use an open cipher to encrypt confidential data
C. Require strong passwords of at least 15 characters to ensure security
D. Validate privileges, at the price of performance, every time access occurs
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. Require strong passwords of at least 15 characters to ensure security.
Layer vs Tier
Layering is a logical way to group design concerns into divisions, or layers (for example presentation, business logic, data access and persistence); tiering is a physical way to deploy system components onto separate placements, or tiers (for example web servers, application servers and database servers). The two need not match one-to-one.
It’s not uncommon to deploy a software solution with a three-layer design onto a one-tier system, i.e. a single machine that runs the whole solution. Dividing concerns into four layers and deploying them in three tiers, as in option A, is therefore a legitimate design.
Open Design
The principle of open design holds that the security of a mechanism must not depend on its design or implementation staying secret. It reflects recommendations by the 19th-century cryptographer Auguste Kerckhoffs, as well as Claude Shannon’s maxim “the enemy knows the system” (Communication Theory of Secrecy Systems, 1949):
A cryptographic system should be secure even if everything about the system, except the key, is public knowledge.
AES, the symmetric cipher standardized by the US government in FIPS 197 (2001), is a good example of open design. Unlike the previous standard, DES, parts of whose design rationale were not made public at the time, AES was chosen in an open competition in which the candidate algorithms, the test results and the analyses that led to its selection were published. Using an open, well-analysed cipher for confidential data, with the key as the only secret, is appropriate, so option B is not the answer.
PS. Please don’t confuse Kirchhoff’s circuit laws with Kerckhoffs’s cryptographic principle.
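To make the Kerckhoffs argument concrete, here is an added example in Go (not code from the original post). It contrasts a constructed home-grown “secret pad” cipher, whose entire security is the secrecy of its design, with AES-GCM from Go’s standard library, whose design is public and whose only secret is the key. The pad value, the sample order messages and the function names are assumptions made for the illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// secretPad is the whole "secret" of a home-grown cipher: the design is hidden
// and there is no key separate from the algorithm. Constructed example value.
var secretPad = []byte("CorpSecretPad-2024-DoNotShare!!!")

// xorWithPad XORs data against a repeating pad; the operation is its own inverse.
func xorWithPad(data, pad []byte) []byte {
	out := make([]byte, len(data))
	for i := range data {
		out[i] = data[i] ^ pad[i%len(pad)]
	}
	return out
}

// obscurityEncrypt is the "proprietary" scheme: security through obscurity.
func obscurityEncrypt(pt []byte) []byte { return xorWithPad(pt, secretPad) }

// recoverPad is the attacker's step: one known plaintext/ciphertext pair of at
// least padLen bytes (e.g. an order the attacker placed) reveals the entire
// secret, after which every other message under the same pad can be read.
func recoverPad(knownPt, ct []byte, padLen int) ([]byte, error) {
	if len(knownPt) < padLen || len(ct) < padLen {
		return nil, errors.New("known plaintext shorter than pad")
	}
	pad := make([]byte, padLen)
	for i := 0; i < padLen; i++ {
		pad[i] = knownPt[i] ^ ct[i]
	}
	return pad, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// aesGCMSeal uses a public, peer-reviewed algorithm; the only secret is the key.
// Output is nonce || ciphertext || tag. The nonce is not secret, it only has to
// be unique per key.
func aesGCMSeal(key, pt []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return append(nonce, aead.Seal(nil, nonce, pt, nil)...), nil
}

// aesGCMOpen decrypts; a wrong key or any tampering yields an error, not garbage.
func aesGCMOpen(key, ct []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(ct) < aead.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, ct[:aead.NonceSize()], ct[aead.NonceSize():], nil)
}

func main() {
	// Constructed sample messages from the toy shop.
	known := []byte("ORDER #0001 ship to: Alice Example, 12 Toy Lane")
	secret := []byte("ORDER #0002 card: 4111 1111 1111 1111 exp 12/29")

	// 1. Obscurity cipher: knowing one plaintext exposes the whole "algorithm".
	pad, _ := recoverPad(known, obscurityEncrypt(known), len(secretPad))
	fmt.Printf("pad recovered: %v\n", bytes.Equal(pad, secretPad))
	fmt.Printf("other order decrypted: %q\n", xorWithPad(obscurityEncrypt(secret), pad))

	// 2. Open design: everyone knows AES-GCM; without the key that knowledge is useless.
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	ct, _ := aesGCMSeal(key, secret)
	_, err := aesGCMOpen(make([]byte, 32), ct)
	fmt.Printf("wrong key rejected: %v\n", err != nil)
	pt, _ := aesGCMOpen(key, ct)
	fmt.Printf("right key decrypts: %q\n", pt)
}
```

Run it with `go run .`: the first half shows that a single known plaintext turns the “secret” design into public knowledge and decrypts an unrelated order; the second half shows that publishing the algorithm (and even the nonce) costs nothing, because the key alone carries the secrecy, which is exactly what option B relies on.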
Psychological Acceptability
A password requirement that users find unreasonable violates the principle of psychological acceptability. It harms security instead of ensuring it: any protection mechanism works effectively only if users will respect and follow it, and a mandatory minimum of 15 characters pushes users to write passwords down and stick them on the monitor or under the keyboard. Moreover, no single control “ensures” security; length is only one factor in password strength, and a long password built from a predictable pattern is still weak. Option C is therefore the least appropriate.
Complete Mediation
Access privileges must be validated every time access occurs. Reusing an authorization decision from a cache is efficient, but it poses major risks, especially in distributed, long-running processes: the decision was made at the time of check while the access happens at the time of use, so a privilege revoked in between is still honoured (a time-of-check to time-of-use, TOCTOU, weakness).
Complete mediation is paid for in system performance, but that cost can be controlled and managed to meet the service level, for example by keeping the policy lookup itself fast. It is also a common design and practice. Option D, despite its wording, describes complete mediation and is appropriate.
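The cached-decision risk can be shown with a small simulation. This is an added example in Go, not code from the original post; the in-memory PolicyStore, the service name svc-fulfilment, the resource orders/export and the schedule (ten accesses, right revoked before the fourth) are constructed for the illustration.

```go
package main

import (
	"fmt"
	"sync"
)

// PolicyStore is the authoritative record of who may access what. In a real
// system this is the authorization service; here it is a constructed in-memory
// stand-in that also counts how often it is consulted.
type PolicyStore struct {
	mu      sync.RWMutex
	perms   map[string]map[string]bool // subject -> resource -> allowed
	lookups int                        // how many times the policy was consulted
}

func NewPolicyStore() *PolicyStore {
	return &PolicyStore{perms: make(map[string]map[string]bool)}
}

func (p *PolicyStore) Grant(subject, resource string) {
	p.mu.Lock()
	defer p.mu.Unlock()
	if p.perms[subject] == nil {
		p.perms[subject] = make(map[string]bool)
	}
	p.perms[subject][resource] = true
}

func (p *PolicyStore) Revoke(subject, resource string) {
	p.mu.Lock()
	defer p.mu.Unlock()
	delete(p.perms[subject], resource) // no-op if the subject has no entries
}

// Allowed is the access-control check; every call is one policy lookup.
func (p *PolicyStore) Allowed(subject, resource string) bool {
	p.mu.Lock()
	defer p.mu.Unlock()
	p.lookups++
	return p.perms[subject][resource] // nil inner map reads as false
}

func (p *PolicyStore) Lookups() int {
	p.mu.RLock()
	defer p.mu.RUnlock()
	return p.lookups
}

// JobResult reports what a long-running job did.
type JobResult struct {
	Granted            int // accesses permitted in total
	GrantedAfterRevoke int // accesses permitted after the right was revoked (should be 0)
	PolicyLookups      int // the performance price of the chosen strategy
}

// runJob simulates a batch job that touches resource n times on behalf of
// subject. At step revokeAt an administrator revokes the right mid-run. With
// cacheDecision=true the job reuses the decision from its first check (the
// efficient but unsafe pattern); with cacheDecision=false every access is
// mediated against the current policy.
func runJob(store *PolicyStore, subject, resource string, n, revokeAt int, cacheDecision bool) JobResult {
	var res JobResult
	var cached, haveCached bool
	for step := 0; step < n; step++ {
		if step == revokeAt {
			store.Revoke(subject, resource)
		}
		var allowed bool
		if cacheDecision && haveCached {
			allowed = cached // time-of-check was step 0; time-of-use is now
		} else {
			allowed = store.Allowed(subject, resource)
			cached, haveCached = allowed, true
		}
		if allowed {
			res.Granted++
			if step >= revokeAt {
				res.GrantedAfterRevoke++
			}
		}
	}
	res.PolicyLookups = store.Lookups()
	return res
}

func main() {
	for _, cache := range []bool{true, false} {
		store := NewPolicyStore()
		store.Grant("svc-fulfilment", "orders/export")
		res := runJob(store, "svc-fulfilment", "orders/export", 10, 3, cache)
		fmt.Printf("cacheDecision=%-5v granted=%d afterRevoke=%d lookups=%d\n",
			cache, res.Granted, res.GrantedAfterRevoke, res.PolicyLookups)
	}
}
```

With the cached decision the job performs a single policy lookup and keeps exporting orders for seven steps after the right was revoked; with complete mediation it performs ten lookups and stops at the revocation. The ten lookups are the price option D refers to, and they are what a fast policy decision point is sized for.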