Secure design principles


1. Minimise attack surface area:

This principle involves reducing the attack surface, i.e. the number of places where an attacker can interact with a system or application. Every exposed function, service, port and privilege is a potential entry point, so each is kept to the minimum the system needs to do its job.

  • Verify that only necessary services and ports are open on the servers.

  • Turn off or remove unnecessary or unused features and services.

  • Restrict access to data and functions to authorized users only, and review that access regularly.

2. Establish secure defaults:

This principle means that the out-of-the-box configuration of a system or application is already secure, so that a user who never touches the settings is not left with weak or dangerous options that an attacker can exploit.

  • Verify that all default settings are secure and do not create potential risks.

  • Disable or remove insecure default features and services.

  • Require strong passwords and enable encryption by default rather than as an opt-in.

3. The principle of least privilege:

This principle involves ensuring that each user or system component has access only to the resources and rights it actually needs. Granting only the limited access required to perform one's duties reduces the damage an attacker can do with a compromised account or component, and so the risk of unauthorized access and data leakage.

  • Review and restrict the privileges of users and system components to only the data and operations they need.

  • Define access levels for different users and user groups according to their duties and roles.

  • Grant access rights on demonstrated need; the default is no access.
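The following is an added example, not code from this page or from any particular project, showing what the three points above look like in code: a default-deny authorization check where every permission is an explicit (action, resource) grant, plus a review helper that lists grants a principal holds but has not used. The role names, resources and the `Principal` class are hypothetical.

```python
"""Added example: a default-deny authorization policy (hypothetical roles and resources)."""
from dataclasses import dataclass, field

# Each role is granted an explicit, minimal set of (action, resource) pairs.
# Anything not listed is denied. There is deliberately no "admin can do
# everything" wildcard: that is the over-broad default the principle warns against.
ROLE_PERMISSIONS = {
    "support": {("read", "tickets")},
    "billing": {("read", "invoices"), ("write", "invoices")},
    "auditor": {("read", "tickets"), ("read", "invoices"), ("read", "audit-log")},
}


@dataclass(frozen=True)
class Principal:
    name: str
    roles: frozenset = field(default_factory=frozenset)


def is_allowed(principal: Principal, action: str, resource: str) -> bool:
    """Default deny: True only if some role of the principal explicitly grants the pair."""
    for role in principal.roles:
        # An unknown role grants nothing rather than raising: a typo in a role
        # name must fail closed, never widen access.
        if (action, resource) in ROLE_PERMISSIONS.get(role, set()):
            return True
    return False


def effective_permissions(principal: Principal) -> set:
    """Union of the explicit grants: what the principal can actually do, for review."""
    perms = set()
    for role in principal.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def review_overprivileged(principal: Principal, used: set) -> set:
    """Grants the principal holds but has not exercised (e.g. from access logs).

    These are candidates for removal: privilege that is never used is pure risk.
    """
    return effective_permissions(principal) - used


if __name__ == "__main__":
    bob = Principal("bob", frozenset({"support", "billing"}))
    print(is_allowed(bob, "write", "invoices"))   # explicit grant
    print(is_allowed(bob, "read", "audit-log"))   # not granted: denied
    print(review_overprivileged(bob, {("read", "tickets")}))
```

The `used` set passed to `review_overprivileged` would in practice be derived from access logs over a review period; the point is that the privilege review is driven by observed need, not by what someone asked for at onboarding.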

4. The principle of defence in depth:

This principle involves applying multiple layers of protection at different levels of the information system. Security controls that complement each other are combined so that the failure or bypass of any one control does not by itself lead to a compromise.

  • Install firewalls and filters to control inbound and outbound traffic.

  • Use encryption mechanisms to protect data during transmission and storage.

  • Deploy intrusion detection and prevention systems (IDS/IPS) to detect and block attacks.

5. Fail securely:

This principle covers how software handles errors and unexpected situations. When a check cannot be completed or a component fails, the system should fall into a safe state: access is denied rather than granted, no sensitive details are exposed, and operation resumes from a known-good state.

  • Handle errors cleanly on the client side and show only a generic message; stack traces, internal host names and configuration details must not reach the user.

  • Record the full error details in server-side logs for analysis and correction.

  • Provide mechanisms for detecting failures and restoring the system to a known-good state after unexpected errors.
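As an added example (not code from this page or any project it describes), here is the same access check written twice: a "before" that fails open and returns the exception text to the caller, and an "after" that denies on any error, logs the detail server-side under a correlation id, and returns only that id to the client. The `permission_store` lookup, the failing user name and the internal host name in the error are constructed for the example.

```python
"""Added example: fail-closed error handling around an access check."""
import logging
import traceback
import uuid

log = logging.getLogger("app")


def permission_store(user: str) -> set:
    """Stand-in for a database or directory lookup that can fail at runtime."""
    if user == "broken":
        # Constructed failure; note the internal host name in the message.
        raise ConnectionError("db host 10.0.0.5 unreachable")
    return {"read"} if user == "alice" else set()


def check_access_fail_open(user: str, action: str) -> dict:
    """The 'before': a lookup failure is treated as 'nothing forbids it', and the
    raw traceback (internal addresses, code paths) is handed to the client."""
    try:
        perms = permission_store(user)
    except Exception:
        return {"allowed": True, "error": traceback.format_exc()}
    return {"allowed": action in perms}


def check_access_fail_closed(user: str, action: str) -> dict:
    """The 'after': any error denies. Full detail goes to the server log under a
    correlation id; the client gets a generic message plus the id for support."""
    try:
        perms = permission_store(user)
    except Exception:
        ref = uuid.uuid4().hex[:12]
        # log.exception records the traceback server-side, where it belongs.
        log.exception("permission lookup failed user=%s ref=%s", user, ref)
        return {"allowed": False, "error": "Access check failed", "ref": ref}
    return {"allowed": action in perms}


if __name__ == "__main__":
    print(check_access_fail_open("broken", "read"))    # allowed, leaks the host name
    print(check_access_fail_closed("broken", "read"))  # denied, generic message only
    print(check_access_fail_closed("alice", "read"))   # allowed on the normal path
```

The correlation id is what lets support staff find the server-side record without the client ever seeing the internals; the denial on the error path is what keeps an outage of the permission store from turning into an open door.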

6. Don’t trust services:

This principle indicates that applications and systems should not trust external services or data sources without verification. Data received from a third party is treated as untrusted input, and the authenticity of its source must be verified before the data is acted on.

  • Validate the structure, type and range of data received from external services before using it.

  • Authenticate each external service and verify the integrity of what it sends, for example by validating its TLS certificate or checking a signature on the message.
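The following added example (not from this page or any vendor's SDK) shows both points for an incoming partner webhook: the message is first authenticated with an HMAC-SHA256 signature over the raw bytes, and only then is its content validated field by field against an allow-list. The payload fields, the shared secret and the header format are hypothetical; the HMAC-over-body scheme is a common pattern rather than any specific vendor's.

```python
"""Added example: authenticate, then validate, data from an external service."""
import hashlib
import hmac
import json

SHARED_SECRET = b"example-shared-secret"  # constructed; in practice from a secret store


class UntrustedInput(ValueError):
    """Raised whenever the message is refused; the reason never reaches the sender."""


def sign(raw_body: bytes, secret: bytes = SHARED_SECRET) -> str:
    """What the partner side does: HMAC-SHA256 over the exact bytes sent, hex-encoded."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_signature(raw_body: bytes, signature_hex: str, secret: bytes = SHARED_SECRET) -> bool:
    """Authenticate the sender: recompute over the bytes received and compare in constant time."""
    return hmac.compare_digest(sign(raw_body, secret), signature_hex)


ALLOWED_FIELDS = {"order_id", "amount_cents", "currency", "status"}
ALLOWED_CURRENCY = {"USD", "EUR", "UAH"}
ALLOWED_STATUS = {"paid", "refunded", "failed"}


def validate_payment_event(doc: dict) -> dict:
    """Validate content even though the sender is authenticated: a buggy or compromised
    partner can still send malformed or out-of-range data. Only allow-listed fields survive."""
    if set(doc) != ALLOWED_FIELDS:
        raise UntrustedInput("unexpected field set: %s" % sorted(doc))
    order_id = doc["order_id"]
    if not (isinstance(order_id, str) and order_id.isalnum() and len(order_id) <= 32):
        raise UntrustedInput("bad order_id")
    amount = doc["amount_cents"]
    # bool is a subclass of int in Python, so `true` would otherwise pass as 1.
    if not (isinstance(amount, int) and not isinstance(amount, bool) and 0 < amount <= 10_000_000):
        raise UntrustedInput("bad amount")
    if doc["currency"] not in ALLOWED_CURRENCY:
        raise UntrustedInput("bad currency")
    if doc["status"] not in ALLOWED_STATUS:
        raise UntrustedInput("bad status")
    return {"order_id": order_id, "amount_cents": amount,
            "currency": doc["currency"], "status": doc["status"]}


def ingest(raw_body: bytes, signature_hex: str) -> dict:
    """Authenticate first, then parse, then validate. Unauthenticated bytes are never parsed."""
    if not verify_signature(raw_body, signature_hex):
        raise UntrustedInput("signature mismatch")
    try:
        doc = json.loads(raw_body)
    except ValueError as exc:
        raise UntrustedInput("not JSON") from exc
    if not isinstance(doc, dict):
        raise UntrustedInput("top level must be an object")
    return validate_payment_event(doc)


def rejection_reason(raw_body: bytes, signature_hex: str):
    """None when the message is accepted, otherwise the internal reason it was refused."""
    try:
        ingest(raw_body, signature_hex)
    except UntrustedInput as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    body = b'{"order_id": "A1B2", "amount_cents": 1999, "currency": "EUR", "status": "paid"}'
    print(ingest(body, sign(body)))
    print(rejection_reason(body.replace(b"1999", b"1"), sign(body)))  # tampered in transit
```

The order of the checks is the security-relevant design choice: the signature is verified over the raw bytes before any parsing, so a malformed body from an unauthenticated sender never reaches the JSON parser, and the content validation runs after authentication because a valid signature only proves who sent the data, not that the data is sane.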

7. Separation of duties:

This principle involves distributing authority among different individuals or roles in an organization. This helps to avoid conflicts of interest and malicious actions, providing control and balance in access to resources.

  • Define different roles and responsibilities in the system and ensure that each role only performs its functions.

  • Prevent any one person or role from holding conflicting responsibilities at the same time (for example, initiating and approving the same transaction).
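An added example, not from this page or any particular product, of enforcing separation of duties in code: a transfer needs an initiator and one or more approvers, the initiator can never approve their own transfer, nobody approves twice, and role assignments that combine conflicting roles are flagged at assignment time. The role names, the `Transfer` object and the two-approver threshold are hypothetical.

```python
"""Added example: separation of duties in an approval workflow (hypothetical roles)."""
from dataclasses import dataclass, field
from typing import Optional

# Role pairs that one person must not hold at the same time.
CONFLICTING_ROLES = {
    frozenset({"initiator", "approver"}),
    frozenset({"developer", "deployer"}),
}


def conflicting_roles(roles: set) -> set:
    """Conflicting pairs present in a role assignment; empty means the assignment is acceptable."""
    return {pair for pair in CONFLICTING_ROLES if pair <= set(roles)}


class SoDViolation(PermissionError):
    pass


@dataclass
class Transfer:
    amount: int
    initiated_by: str
    approvals: list = field(default_factory=list)
    executed: bool = False


def required_approvals(amount: int) -> int:
    """Constructed threshold: large transfers need two independent approvers."""
    return 2 if amount >= 100_000 else 1


def initiate(user: str, user_roles: set, amount: int) -> Transfer:
    if "initiator" not in user_roles:
        raise SoDViolation(f"{user} lacks initiator role")
    return Transfer(amount=amount, initiated_by=user)


def approval_block_reason(t: Transfer, user: str, user_roles: set) -> Optional[str]:
    """None if `user` may approve `t`, else why not.

    The per-transaction checks run even if the role assignment was wrong and
    someone holds both roles: the second line of defence still catches it.
    """
    if "approver" not in user_roles:
        return f"{user} lacks approver role"
    if user == t.initiated_by:
        return f"{user} initiated this transfer"
    if user in t.approvals:
        return f"{user} already approved"
    return None


def approve(t: Transfer, user: str, user_roles: set) -> Transfer:
    reason = approval_block_reason(t, user, user_roles)
    if reason is not None:
        raise SoDViolation(reason)
    t.approvals.append(user)
    return t


def ready_to_execute(t: Transfer) -> bool:
    return not t.executed and len(t.approvals) >= required_approvals(t.amount)


def execute(t: Transfer) -> Transfer:
    if not ready_to_execute(t):
        raise SoDViolation("not enough independent approvals")
    t.executed = True
    return t


if __name__ == "__main__":
    t = initiate("alice", {"initiator"}, 250_000)
    print(approval_block_reason(t, "alice", {"initiator", "approver"}))
    approve(t, "bob", {"approver"})
    approve(t, "carol", {"approver"})
    print(execute(t).executed)
```

The `conflicting_roles` check belongs in whatever process assigns roles; the checks in `approval_block_reason` belong in the transaction path itself, so that a mistake in role assignment does not silently collapse the two-person rule.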

8. Avoid security by obscurity:

This principle warns against basing the security of a system or application on the secrecy of its design or implementation details. A design should remain secure even when an attacker knows exactly how it works; rely on established, openly reviewed methods of protection instead.

  • Apply standard and open cryptographic algorithms and protocols.

  • Do not keep the design of security mechanisms hidden from the development and testing team; they must be able to review and test them.

9. Keep security simple:

This principle emphasizes the importance of simplicity and clarity in security mechanisms. Complex systems and solutions are harder to reason about and to test, so they tend to hide errors and vulnerabilities; simple, well-understood methods are preferable.

  • Use simple, well-understood protection and encryption methods.

  • Avoid layering complex and convoluted security mechanisms that duplicate each other; every additional piece is a potential source of errors.

10. Audit and monitoring:

This principle involves implementing audit and monitoring mechanisms that make security events visible and allow them to be detected and responded to, including unusual activity and intrusion attempts.

  • Record security-relevant events (authentication attempts, privilege changes, administrative actions) in logs that cannot be altered by the users whose actions they record.

  • Monitor those logs for unusual activity and intrusion attempts, and define in advance how each kind of detection is responded to.
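As an added example (not code from this page or any monitoring product), the following runs a simple detection over a constructed authentication log: it flags a source address that produces five or more failures inside a sixty-second window, and separately flags a successful login from a source that has already been flagged, which is the event an analyst most wants to see. The log format, the thresholds and the sample lines are all constructed for the example.

```python
"""Added example: brute-force and success-after-brute-force detection over constructed log lines."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log format: "<ISO timestamp> auth <SUCCESS|FAILURE> user=<name> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<outcome>SUCCESS|FAILURE) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample: one source hammers several accounts, then gets in as "admin".
SAMPLE_LOG = """\
2024-05-01T10:00:01 auth FAILURE user=admin src=203.0.113.7
2024-05-01T10:00:03 auth FAILURE user=admin src=203.0.113.7
2024-05-01T10:00:04 auth SUCCESS user=alice src=198.51.100.2
2024-05-01T10:00:05 auth FAILURE user=root src=203.0.113.7
2024-05-01T10:00:07 auth FAILURE user=admin src=203.0.113.7
2024-05-01T10:00:09 auth FAILURE user=test src=203.0.113.7
2024-05-01T10:00:10 kernel: unrelated message that does not match the format
2024-05-01T10:00:12 auth SUCCESS user=admin src=203.0.113.7
2024-05-01T10:10:00 auth FAILURE user=bob src=198.51.100.9
"""


def parse(line: str):
    """One parsed event as a dict, or None if the line is not an auth record."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def detect(lines, threshold: int = 5, window: timedelta = timedelta(seconds=60)):
    """Return (alerts, unparsed_count).

    Unparseable lines are counted rather than silently dropped: a sudden rise in
    that count is itself a signal that the log format or pipeline changed.
    """
    failures = defaultdict(deque)   # src -> timestamps of recent failures
    flagged = set()
    alerts = []
    unparsed = 0
    for line in lines:
        ev = parse(line)
        if ev is None:
            unparsed += 1
            continue
        src, ts = ev["src"], ev["ts"]
        if ev["outcome"] == "FAILURE":
            q = failures[src]
            q.append(ts)
            # Sliding window: drop failures older than `window` relative to this event.
            while q and ts - q[0] > window:
                q.popleft()
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append({"type": "brute_force", "src": src, "at": ts})
        elif src in flagged:
            # A success from a source already seen brute-forcing: possible compromise.
            alerts.append({"type": "success_after_brute_force", "src": src,
                           "user": ev["user"], "at": ts})
    return alerts, unparsed


if __name__ == "__main__":
    found, bad = detect(SAMPLE_LOG.splitlines())
    for a in found:
        print(a)
    print("unparsed lines:", bad)
```

The second alert type is the one worth paging on: a flood of failures is noise on any internet-facing login, but a success from the same source shortly afterwards is the moment a response (session revocation, password reset, host isolation) should already be defined.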