You implemented a next-generation firewall, which is deemed the most trustworthy component, to protect corporate networks. As a core component, it shall protect itself from all other devices, but the devices, conversely, do not need to protect themselves from the firewall. Which of the following is the design principle you followed to enforce network security?
A. Efficiently Mediated Access
B. Modularity and Layering
C. Hierarchical Protection
D. Least Privilege
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. Hierarchical Protection.
Security Design Principles
NIST SP 800-160 V1 introduces three categories of security design principles:
- Security Architecture and Design
- Security Capability and Intrinsic Behaviors
- Life Cycle Security
Efficiently Mediated Access, Modularity and Layering, Hierarchical Protection, and Least Privilege are principles of Security Architecture and Design. The following is an excerpt from NIST SP 800-160 V1.
Hierarchical Protection
The principle of hierarchical protection states that a component need not be protected from more trustworthy components. In the degenerate case of the most trusted component, it must protect itself from all other components. For example, if an operating system kernel is deemed the most trustworthy component in a system, then it must protect itself from all untrusted applications it supports, but the applications, conversely, do not need to protect themselves from the kernel. The trustworthiness of users is a consideration for applying the principle of hierarchical protection.
Efficiently Mediated Access
The principle of efficiently mediated access states that policy-enforcement mechanisms should utilize the least common mechanism available while satisfying stakeholder requirements within expressed constraints.
Modularity and Layering
The principles of modularity and layering are fundamental across system engineering disciplines. Modularity and layering derived from functional decomposition are effective in managing system complexity, by making it possible to comprehend the structure of the system. Yet, good modular decomposition, or refinement in system design is challenging and resists general statements of principle.
Least Privilege
The principle of least privilege states that each component should be allocated sufficient privileges to accomplish its specified functions, but no more. This limits the scope of the component’s actions, which has two desirable effects: the security impact of a failure, corruption, or misuse of the component will have a minimized security impact; and the security analysis of the component will be simplified. Least privilege is a pervasive principle that is reflected in all aspects of the secure system design.
Reference
- Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems (NIST SP 800-160 V1)
- Open Reference Architecture for Security and Privacy
- The Principles of Network Security Design
- Security by Design Principles according to OWASP
- Principles of Secure Network Design
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.
- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.
您建置了次世代防火牆來保護公司的網路,該防火牆被認為是最值得信賴的組件。 作為核心組件,它應保護自己不受所有其他設備的侵害,但是相反的,這些設備則不需要保護自己不受防火牆的侵害。 您遵循以下哪項設計原則來實施網路安全性??
A. 高效介訪問 (Efficiently Mediated Access)
B. 模塊化和分層 (Modularity and Layering)
C. 階層式保護 (Hierarchical Protection)
D. 最小特權 (Least Privilege)