What Does System Resilience Mean for Security?
The resilience of a system is a measure of its ability to keep running, even under less-than-ideal conditions. Resilience is important at all levels, including network, operating system, subsystem (such as database management system or web server), and application.
Resilience can mean a lot of different things. Here are some examples:
- Filter malicious input. System can recognize and reject input that may be an attack. Examples of suspicious input include what you get typically in an injection attack, buffer-overflow attack, or Denial of Service attack.
- Data replication: System copies critical data to a separate storage system in the event of component failure.
- Redundant components: System contains redundant components that permit the system to continue running even when hardware failures or malfunctions occur. Examples of redundant components include multiple power supplies, multiple network interfaces, redundant storage techniques such as RAID, and redundant server architecture techniques such as clustering.
- Maintenance hooks: Hidden, undocumented features in software programs that are intended to inappropriately expose data or functions for illicit use.
- Security countermeasures: Knowing that systems are subject to frequent or constant attack, systems architects need to include several security countermeasures in order to minimize system vulnerability. Such countermeasures include
- Revealing as little information about the system as possible. For example, don’t permit the system to ever display the version of operating system, database, or application software that’s running.
- Limiting access to only those persons who must use the system in order to fulfill needed organizational functions.
- Disabling unnecessary services in order to reduce the number of attack targets.
- Using strong authentication in order to make it as difficult as possible for outsiders to access the system.