Secure by default

Secure by default

Secure by default, in "software", means that the default configuration settings are the most secure settings possible, which are not necessarily the most user friendly settings. In many cases, security and user friendliness is waged based on both risk analysis and usability tests. This leads to the discussion "what" the most secure settings actually are. As a result, the precise meaning of Secure by default remains undefined.

In a network operating system, this typically means first and foremost that there are no listening INET(6) domain sockets after installation. That is, no open network ports. This can be checked on the local machine with a tool such as netstat, and remotely with a port scanner such as nmap. As a general rule, a secure network, is only as secure as the "least" secure node in the entire network.

If a program uses secure configuration settings by default, the user will be better protected.Fact|date=March 2007 However, not all users will care about securityFact|date=March 2007 and may be obstructed by secure settings. A common example is whether or not blank passwords are allowed for login. Not everyone can, or is willing to, type or memorize a password.Fact|date=March 2007

Another way to secure a program or system is through abstraction, where the user is presented an interface in which the user cannot (or is discouraged to) cause accidental data loss. This however, can lead to less functionality or reduced flexibility.Fact|date=March 2007 Having user control preferences does not typically cause this, but at the cost of having a larger part of the user interface for configuration controls.

Some servers or devices that have an authentication system, have default usernames and passwords. If not properly changed, anyone who knows the default configuration can successfully authenticate.

Operating systems

OpenBSD claims to be the only operating system that is fully secure by default. This, however, does not mean it's inherently the most secure operating system, because that depends on the definition of an operating system. There are many operating systems that are not capable of networking with other systems. Thus, considering the amount of network-based security compromises today, one can argue such an operating system is more secure. OpenBSD is a NOS (Network Operating System).

Ubuntu is a GNU/Linux distribution aimed at the desktop user that by default hides the administrative account and only allows the first user to gain administrative privileges for certain system tasks (such as installing system updates, and managing disk drives). Mac OS X does not hide this account, but users with limited rights can still fully utilise the system.Fact|date=March 2007

Microsoft Windows and Linspire have been criticisedFact|date=March 2007 for allowing the user to have administrative privileges without warning — a potential threat to the system. Windows Vista attempts to remedy this situation through its User Account Control system.

ee also

*Computer security
*Usability
*Default (computer science)
*Secure by design
*Authentication


Wikimedia Foundation. 2010.

Игры ⚽ Поможем сделать НИР

Look at other dictionaries:

  • Secure by design — Secure by design, in software engineering, means that the software has been designed from the ground up to be secure. Malicious practices are taken for granted and care is taken to minimize impact when a security vulnerability is discovered. For… …   Wikipedia

  • Secure Shell — or SSH is a network protocol that allows data to be exchanged using a secure channel between two networked devices. RFC 4252] Used primarily on Linux and Unix based systems to access shell accounts, SSH was designed as a replacement for TELNET… …   Wikipedia

  • Default — De*fault , n. [OE. defaute, OF. defaute, defalte, fem., F. d[ e]faut, masc., LL. defalta, fr. a verb meaning, to be deficient, to want, fail, fr. L. de + fallere to deceive. See {Fault}.] 1. A failing or failure; omission of that which ought to… …   The Collaborative International Dictionary of English

  • Secure Socket Tunneling Protocol — (SSTP) is a form of VPN tunnel that provides a mechanism to transport PPP traffic through an SSL channel. SSL provides transport level security with key negotiation, encryption and traffic integrity checking. The use of TCP port 443 should… …   Wikipedia

  • Secure Real-time Transport Protocol — The Secure Real time Transport Protocol (or SRTP) defines a profile of RTP (Real time Transport Protocol), intended to provide encryption, message authentication and integrity, and replay protection to the RTP data in both unicast and multicast… …   Wikipedia

  • Secure Digital — SDHC redirects here. For the gene, see SDHC (gene). SD, SDHC, SDXC SD (top), miniSD, microSD cards Media type Memory card Capacity SDSC (SD): 1 MB to 2 GB although 4 GB cards are available SDHC: 4 GB to 3 …   Wikipedia

  • Secure Digital — Сравнение размеров различных видов SD карт Secure Digital Memory Card (SD)  формат карт памяти, разработанный для использования в основном в портативных устройствах. На сегодняшний день широко используется в цифровых фотоаппаратах …   Википедия

  • Secure error messages in software systems — In computer security and usability of software systems, an important issue is the design of error messages in a way that prevents security vulnerabilities. This aspect of software security has only recently begun to receive increased attention.… …   Wikipedia

  • Secure Digital — Speichermedien Allgemeines Name SecureDigital Memory Card Abkürzung SD Card …   Deutsch Wikipedia

  • Secure Digital Card — Speichermedien Allgemeines Name SecureDigital Memory Card Abkürzung SD Card …   Deutsch Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”