The concept of integrity is sometimes extended to include verifying that the source of
the message is the same as the stated source. Timestamps and message sequence numbers
can protect against "replay attacks," but, again, they are not considered secure unless they
are protected by encryption.
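The replay check described above, as an added example that is not from the original text: a receiver that trusts the timestamp and sequence number only after a keyed integrity tag over them verifies. HMAC-SHA256 stands in here for the cryptographic protection the text calls encryption; the key, the 30-second window, and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed sample key
MAX_SKEW = 30                  # seconds of clock skew tolerated (assumed value)

def seal(key, seq, ts, payload):
    # Sender: 8-byte sequence number and 8-byte timestamp, payload, then the tag.
    header = struct.pack(">QQ", seq, ts)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

class Receiver:
    def __init__(self, key):
        self.key = key
        self.last_seq = 0  # highest sequence number accepted so far

    def accept(self, msg, now):
        # Verify the tag first: the counters mean nothing until it checks out.
        if len(msg) < 16 + 32:
            raise ValueError("truncated")
        body, tag = msg[:-32], msg[-32:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad tag")
        seq, ts = struct.unpack(">QQ", body[:16])
        if abs(now - ts) > MAX_SKEW:
            raise ValueError("stale timestamp")
        if seq <= self.last_seq:
            raise ValueError("replayed sequence number")
        self.last_seq = seq
        return body[16:]

def outcome(receiver, msg, now):
    try:
        return receiver.accept(msg, now).decode()
    except ValueError as err:
        return str(err)

def demo():
    rx, t0 = Receiver(KEY), 1_700_000_000  # t0 is a constructed timestamp
    m1 = seal(KEY, 1, t0, b"pay 100")
    # Counters rewritten by someone without the key: the tag no longer matches.
    forged = struct.pack(">QQ", 2, t0 + 3) + m1[16:]
    return [outcome(rx, m1, t0 + 1),     # fresh message
            outcome(rx, m1, t0 + 2),     # identical copy resent
            outcome(rx, m1, t0 + 3600),  # copy resent an hour later
            outcome(rx, forged, t0 + 3)]
```

Calling `demo()` returns one outcome per message: the fresh message is accepted, and each of the three later arrivals is rejected for a different reason.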
Security is always relative, never absolute. For every defense, there is (or will soon
be) a successful attack. For every attack, there is (or will soon be) a successful defense.
Only time and effort are really at issue. The better the defense, the more time and effort it
takes to breach.
The right defense is the one that is balanced and that matches the expected range of
attacks. Balance is important in two senses. First, the weakest link must be secure enough.
Second, the passive elements of authentication, encryption, and integrity check must be
backed up by active elements such as monitoring and pursuing attempted breaches,
maintaining security discipline, and so forth. The right defense is one in which a breach
requires just slightly more time and effort from attackers than they are willing to invest.
Security measures impose costs and constraints on the defender.