Rule 3: System Security Degrades in Direct Proportion to Use

This is Farmer's Law (promulgated by computer security researcher Dan Farmer): "The Security of a Computer System Degrades in Direct Proportion to the Amount of Use the System Receives."1

Ignoring availability for a moment, a computer that's powered down is more secure than one that's powered up. A computer that's powered down, in a locked cage, in a subterranean bomb shelter, with armed guards might be secure. Once one person is using a system, risk increases. Once two or more are using a system, risk increases even more. Put the system on the Internet and provide some services ... I'm sure you get the idea. As Dan says, "Ignorant or malicious users do more damage to system security than any other factors."2

The trade-off between security and usefulness/functionality is the classic computer security dilemma. Many Linux distributions are built for maximum functionality and thus ship with massive collections of programs and wide-open security settings. On the other end of the continuum are bastion hosts set up as part of a firewall design. Many of these do one thing (i.e., filter packets between network A and network B) and one thing only. Analyze where you need to be along the security vs functionality continuum and plan appropriately.

1. Farmer admits that he probably wasn't the first to state it but since he calls it "Farmer's Law," I will too.

2. Dan Farmer,

Excerpt from Unix System Security Tools by Seth T. Ross
Copyright © 1999 by The McGraw-Hill Companies. Used with permission.
HTML Copyright © 1999




Albion Home | Netiquette | Netdictionary | Security

Copyright © 1990-2006 and Seth T. Ross