Vulnerabilities in system design can be detrimental to any network, large or small any flaw that can be exploited should not be taken lightly. Engineers generally assume that mechanisms serve their intended purpose. Is that always true? The “smarter” something is, the quicker we lose control and become fully dependent on it (Trofimova & Hoske, 2016).
A vulnerability I found is a trust assumption and that is when a designer is aware of a security weakness and determining that a separate security control would compensate for it. However, trust assumptions are often implicit, such as creating a feature without first evaluating the risks it would introduce (Mozilla, 2018). This is something that when designing your system to not underestimate because as the article stated, these assumptions are often complicit and don't take every risk into account which could leave a window open to your system.
Another is always consider the users, this means when designing your network take into account the people that will be using it on a daily basis (IEEE, 2014) Every system is different and complex and therefore requires the designer to know who his users are. The security stance of a software system is inextricably linked to what its users do with it. It is therefore very important that all security-related mechanisms are designed in a manner that makes it easy to deploy, configure, use, and update the system securely. Remember, security is not a feature that can simply be added to a software system, but rather a property emerging from how the system was built and is operated (IEEE, 2014).
Trofimova, E., & Hoske, M. T. 1. mhoske@cfemedia. co. (2016). Retrieved from https://lopes.idm.oclc.org/login?url=http://search.ebscohost.com/login.aspx?direct=true&db=aci&AN=117494073&site=ehost-live&scope=site
Mozilla. (2018). Vulnerabilities. Retrieved from https://developer.mozilla.org/en-US/docs/Web/Security/Information_Security_Basics/Vulnerabilities
IEEE. (2014). Avoiding the top 10 software security design flaws. Retrieved from https://pdfs.semanticscholar.org/b291/be7d567d63dc60043a8cb1fbbfcfe8d18c83.pdf