In a recently-released (dated: 2004; released to non-members: 2007) publication, the Internet Security Forum suggested that the network boundary may be disappearing. Essentially, every client has other network connections that thus make it a host or peer to hardware outside the network.
In a conversation that this author had with the network manager of a large, multi-campus organisation, this conclusion has been challenged. The contrary contention is that the network boundary is coming back in the form of DMZs and VPNs. Essentially, data protection laws in the US which pertain to multi-nationals who are headquartered there will trickle down to their non-US subsidiaries and out-sourced contractors. Ultimately, one is to count on the network administrators to secure the executing environment so that applications do not need to worry about such issues.
This is a red herring. Even if data protection laws in the US were rigorously enforced, the most that currently transfers to a subsidiary or contractor is the understanding that data should be protected.
continue reading below our video
Tech 101: Recovering Lost Data
This leads to a case of plausible deniability, not assured computer security. In a court of law, that is all the corporation needs. As the movement grows for software companies to be held responsible for the security of their products, however, such plausible deniability does not help the average software house very much.
Instead, the software company and the programmers who work for it must ensure the security of their own code. This is a notoriously difficult task to do because variables by definition are non-specific. Nonetheless, the basic principles of programming securely still stand:
- Test all input, truncating or rejecting overflows
- Use Python's RExec class (for 'Restricted Execution') to limit the access priviliges of an running program
- Be wary of mutable values as Python defaults to passing values by reference. The first point applies to the value itself. As a security precaution, it is always best to copy the value to an internal variable name so it cannot be called for nefarious purposes.
- Guard against malicious use of any functions that interact with the operating system (e.g., exec(), eval(), execfile(), compile(), and input()).
- Ensure your code is not impacted by any of the Python security advisories.