Category: "Security Engineering"

About the Security Engineering category

  22:47, by Hagai Bar-El   , 49 words
Categories: Security Engineering

The Security Engineering category contains articles that discuss analysis of requirements and solutions that are of interest to the security engineer. As opposed to the IT Security category, the articles of this category address not the secure deployment of systems, but the secure design of systems -- software and hardware.


  2017-10-13

For and against security checklists, frameworks, and guidelines

  18:03, by Hagai Bar-El   , 636 words
Categories: Security Engineering, Security, Cyber Security, Counter-media
We have seen many of those by now. Starting with old ones like FIPS 140, and concluding with more recent additions such as the NIST CSF (Cyber Security Framework). The question is: are those worth my time? What are they good for? Do we need to adhere to them? In a nutshell, I think they have their value, and need to be consulted, but not worshiped. more »

  2015-08-05

Unsafe IoT safes

  21:07, by Hagai Bar-El   , 154 words
Categories: Security Engineering, Cyber Security
I have been saying that one of the challenges with securing IoT is that IoT device makers don't have the necessary security background, and the security industry does not do enough to make cyber-security more accessible to manufacturers. more »

  2015-07-22

Why secure e-voting is so hard to get

  23:07, by Hagai Bar-El   , 1708 words
Categories: Security Engineering, Security Policies, Cyber Security
Following is my opinion on why reliable fully digital e-voting cannot be accomplished given its threat and security models. more »

  2015-02-15

Top challenges of securing IoT

  22:03, by Hagai Bar-El   , 917 words
Categories: Security Engineering
As much as there is hype about the Internet of Things (IoT) and protecting it, there is no such thing as "IoT Security" per se. There is just the usual security engineering that is applied to IoT. Security engineering is about determining assets,… more »

  2014-12-06

The ease of hacking surveillance cams

  20:43, by Hagai Bar-El   , 30 words
Categories: Personal News, Security Engineering
An article and interview with me by Byron Acohido of ThirdCertainty about why surveillance cams are trivial to hack. The discussion also moves towards IoT in general. more »

  2014-11-13

Prime numbers and security

  02:28, by Hagai Bar-El   , 607 words
Categories: Security Engineering
Without much relation to anything, I wrote this short essay about the role prime numbers play in Internet security. In a nutshell, security relies on the ability to form leverage for the defender over the adversary. Such leverage can be of one of two… more »

  2014-10-15

Poodle flaw and IoT

  17:53, by Hagai Bar-El   , 457 words
Categories: Security Engineering
The Poodle flaw discovered by Google folks is a big deal. It will not be hard to fix, because for most systems there is just no need to support SSLv3. Fixing those will only imply changing configuration so as not to allow SSL fallback. However, this flaw brings to our attention, again, how the weakest link in security often lies in the graceful degradation mechanisms that are there to support interoperability. Logic that degrades security for the sake of interoperability is hard to do right and is often easy to exploit. Exploitation is usually carried out by the attacker connecting while pretending to be "the dumbest" principal, letting the "smarter" principal drop security to as low as it will go. All this is not new. What may be new is a thought on what such types of flaws may imply for the emerging domain of the Internet-of-Things. more »
