To understand the technical security risks of a system, architects and designers need to understand the nature of these risks in order to prevent problems. The nature of risks in our systems can be categorized into four major areas:
Improperly configured systems
Poor authentication, or insufficient password requirements
Lack of encryption in network traffic
The primary reason that any given part of a system is a security risk is improperly configured, or buggy, software. An improperly configured system, or a system with a bug, opens a security hole that can be exploited. One of the most famous security breaches has been chronicled by Clifford Stoll in his book The Cuckoo's Egg, in which he describes the eventual capture ...