Several security levels

Know chuangyu

I personally think security can be divided into several popular levels.

One level is: you do not know, this is the most basic level, such as the password authentication mechanism, but it is also a relatively fragile level that you do not know, the vulnerability of the system can be grayed out, for example, through direct disassembly and verification, or through some means, such as internal information leakage.

One level is that you do not have a proprietary device, for example, which is viewed from a cost perspective. If an attacker pays much more cost to acquire related technologies or devices than expected, you are not safe, but when the attacker costs less than expected, you will not become a barrier. when more and more devices are used in important scenarios, the cost of acquiring these proprietary devices will not become a barrier for attackers.

One level is: you do not dare. If the law is sound and the attack behavior is followed up to investigate and handle effectively, even if the front-end does not have any security measures, it can greatly reduce security risks. in essence, cost-benefit is determined by the risk cost after the attack.

One level is: you cannot, even if you do not consider cost-effectiveness, in the current or foreseeable future, it is difficult to invest relevant resources to achieve the goal. in fact, it is a model that assumes that the benefits are infinite, but the cost is subject to the actual technical constraints (the maximum assumption can be the maximum cost limit that can be invested in the country.

At present, many systems are assumed that you do not know + you are not a security goal. As you develop, we should gradually assume that you do not dare + you cannot be a security target.