<A HREF="http://biz.vanrein.org">biz.vanrein.org</A> / <A HREF="/rick">rick</A> / audit
<BR><BR>
<BLOCKQUOTE>
<BLOCKQUOTE>
<P><B>Security.</B>
	Electronic businesses need security.
	Sometimes an encrypted website is all that is needed, but there often is a need for more.
	To ensure that accounts of customers are well protected.
	From external powers and from other customers.
	And, perhaps, even from the business itself.
	Or from a hosting system.
	Time to panic... or read on!</P>

<UL><B>Architecture.</B>
	One side of security is a well-designed architecture.
	Using strong tools, with a proven history.
	Not too much, not too little.
	Perhaps using client certificates, perhaps using PGP or SSH.
	Never self-coined, unproven methods.
	A security audit verifies the architecture.</UL>

<P><B>Imagination.</B>
	Another side of security is finding possible holes, and closing them.
	This is the hard part of a security audit.
	It cannot be standardised in a procedure.
	It probably cannot be taught.
	And many holes don't show up in a series of standard tests either.
	Instead, a thorough evaluation of the security architecture is needed.
	By someone with an imaginary mind.
	Someone who does not follow standard procedures.
	Someone who instinctively pries open the holes in a system.</P>

<UL><B>Experience.</B>
	Rick is well up to speed with cryptographic techniques, both in theory and in practice.
	Meaning, the principles are understood, their limits, but also the available tool support.
	Rick somehow pries open holes that others overlook.
	Some serious, strongly security-aware internet sites have improved their security based on holes found by Rick.
	But perhaps it took an imaginary mind to find them.</UL>
</BLOCKQUOTE>
</BLOCKQUOTE>