has abstract
| - Security by default, in software, means that the default configuration settings are the most secure settings possible, which are not necessarily the most user-friendly settings. In many cases, security and user-friendliness are evaluated based on both risk analysis and usability tests. This leads to the discussion of what the most secure settings are. As a result, the precise meaning of "secure by default" remains undefined. In a network operating system, this typically means first and foremost that there are no listening INET(6) domain sockets after installation; that is, no open network ports. This can be checked on the local machine with a tool like netstat and remotely with a port scanner such as nmap. As a general rule, a secure network is only as secure as the least secure node in the entire network. If a program uses secure configuration settings by default, the user will be better protected. However, not all users consider security and may be obstructed by secure settings. A common example is whether or not blank passwords are allowed for login. Not everyone can, or is willing to, type or memorize a password. Another way to secure a program or system is through abstraction, where the user has presented an interface in which the user cannot (or is discouraged to) cause (accidental) data loss. This, however, can lead to less functionality or reduced flexibility. Having user control preferences does not typically cause this but at the cost of having a larger part of the user interface for configuration controls. Some servers or devices that have an authentication system, have default usernames and passwords. If not properly changed, anyone who knows the default configuration can successfully authenticate. For non-unique defaults, this practice would violate the principle of 'security by default'. (en)
- 預設安全(Secure by default)是指在資訊系統中的預設設定是最高的資訊安全等級,對使用者而言不一定是最易用的設定。很多時候,資訊安全與易用性需要同時以與可用性测试來衡量。這讓引起了"什麼才是最高的資訊安全"的爭論。以結果來說,目前仍然難以定義所謂的"預設安全"。 (zh)
|