Principle 1:Securing the weakest Security is a chain;a system is only as secure as the weakest link Spend your efforts on improving the security of the weakest part of a system,as this is where attackers will attack Bank vs.convenience store -Firewall vs.application visible through firewall Social engineering:a common weak link -Software can be weak,surrounding infrastructure can be weaker. -Typical scenario:a service center gets a call from a sincere-sounding user Educating users may be best investment to improve security,eg.,think of phishing attacks,weak passwords Table ll.Character composition information about each password dataset a-zA- Dataset a-z+A-Z+A-Za-z+0-9]+ [a-z+ a-z+1 a-zA-Z+ T0-9]+ T0-9]+ Z0-9]+ [0-9]+ [0-9]+[a-zA-Z]+ [a-z]+ Tianya 9.966 0.18% 10.29% 63.776 98.059% 14.63% 0.12% 15.64% 4.379% 4.11% Dodonew 8.79% 0.27% 9.37% 20.49% 82.88% 40.81% 1.39% 42.94% 7.31% 6.95% CSDN 11.64% 0.47% 12.35% 45.01% 96.31% 26.14% 0.24% 28.45% 6.46% 5.88% Duowan 10.30% 0.09% 10.52%52.84% 97.59% 23.97% 0.37% 24.84% 6.04% 5.83% Myspace 7.18% 0.31% 7.66% 0.71%89.95% 65.66% 18.24% 69.779% 6.02% 5.66% Singles.org 60.20% 1.92% 65.829%6 9.58%99.78% 17.77% 2.73% 19.68% 1.92% 1.77% Faithwriters 54.40% 1.16% 59.04% 6.35% 99.57% 22.82% 4.13% 25.45% 2.73% 2.37% Hak5 18.61% 0.27% 20.39% 5.56%92.13% 16.57% 2.01% 31.80% 1.44% 1.21% -CSE825 3CSE825 3 Principle 1: Securing the weakest  Security is a chain; a system is only as secure as the weakest link.  Spend your efforts on improving the security of the weakest part of a system, as this is where attackers will attack. ─ Bank vs. convenience store ─ Firewall vs. application visible through firewall  Social engineering: a common weak link. ─ Software can be weak, surrounding infrastructure can be weaker. ─ Typical scenario: a service center gets a call from a sincere-sounding user ─ Educating users may be best investment to improve security, eg., think of phishing attacks, weak passwords