This chapter has shown that there is quite a bit to creating guards and walls. This is the reason I emphasize making the creation of guards and walls a specialized task within your organization.
Here are the major lessons of this chapter:
The walls are primarily responsible for fortification.
Three technologies are typically used to build walls:
Database security configuration
All data coming into the fortress must be validated. Validation includes
Checking for string length violations
Checking for unexpected characters
Auditing is important if you need to track fortress changes.
Authentication is needed to verify that requests are coming from approved sources. Authentication is done with encryption/decryption algorithms based on either secret keys (in the shared-key system) or public/private keys (in the public/private–key system).
Privacy is about hiding data from prying eyes, which is accomplished by encryption/decryption.
Integrity means keeping data from changing as it passes through the drawbridge, which also makes use of encryption/decryption.
Nonrepudiation means being able to prove, at a later date, the source of an infogram. This is usually done with public/private–key systems.
Authorization, although it seems like a guard/wall issue, is usually done by a business application worker.