The CTDP Security Guide Version 0.2.0 September 1, 2000
This Security Guide is written with several purposes in mind. It is not written as a complete guide to computer security but is intended to give enough information to allow the reader to make somewhat competent security decisions without having to do a great deal of reading or study. The information contained in this document is not guaranteed to be accurate and the writer assumes no responsibility of the reader's use of any information contained herein. This document also provides information to allow the reader to do further study. The main objectives of this document are to:
There are several areas of security expertise which include but are not limited to:
Computer security defined in this document primarily is about enciphering and deciphering what is called plaintext. Plaintext is un-enciphered data which may be text or any other form of data. Please be aware that when it comes to the art of inventing data enciphering protocols, there are very specialized people in these fields. Therefore it is extremely unlikely that any one or group not specialized in these areas will successfully invent their own security protocols and have them be effectively secure. Most of us are dependent upon the specialists. We will likely use a published protocol with published key management and key generation schemes. However if you want to develop a specialized team of cryptographers, it is my opinion that you will want brilliant mathematicians, not generally programmers or engineers. This is because much math is required and math specialists are most skilled in this area. Also the math specialist has a desire to work on math problems, whereas the programmer or engineer likes to work on logic, development or design problems. However the programmer or engineer if they have a strong desire to concentrate on math and show talent in this area, may qualify for these specialized jobs. To be effective, I recommend a team of at least 5 people specialize in this area with half the team checking the work of the other half.
Keeping the encryption algorithm secret is not security.
Functions required for a secure system.