Weakest Link Property
This article is a part of Crypt-0-nite publication talking on the Weakest link property.
We do not know the attacker.
We cannot gauge the attacker’s intent or actions, but we ought to design systems resistant to thwart an attacker’s attempts.
The weakest link property implies that a system is only as secure as its weakest link.
You might have the world’s best resources or practices but it wouldn’t really matter since the system is susceptible to attacks where its weak.
In the course of attack trees, we can see how people try and decipher the architecture of the system to exploit the weakest link.
In all essence, there must be no weak link to a truly secure system.
This isn’t easy to achieve in reality since we do not know which and what the weakest link is.
Repairing or improving any part of the system apart from the weakest link is an absolute waste of time.
In reality, we are better off improving weak links at all levels to thwart attacker’s attempts to spoil, steal or disturb the normal flow of events.
We can observe that this property predates the computer era.
In the story of David and Goliath and Achilles’ Heel in Troy.
Goliath’s weakest link was his head and Achilles’ his heel .
Both their weakness ultimately caused their downfall.
Leave no stone unturned to ensure that there is no weak link or even if so there are weak links, strengthen them.
Thank you.
