Good design should:
- Make services hard to compromise
  Designing with security in mind means using concepts and techniques which make it harder for attackers to compromise the service using commodity techniques.
- Reduce the impact of a compromise
  Design the service with the expectation that it will include some vulnerabilities, and that the exploitation of a single one should not result in a significant compromise.
- Make compromises easy to detect
  Even if you take all available precautions, there's still a chance your system will be compromised by a new or unknown attack. If this happens, you want the best chance of detecting the compromise.
- Make services hard to disrupt
  Service availability is often a paramount concern, and good design can help deal with attacks intended to affect it.
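The two middle principles, reducing the impact of a compromise and making compromises easy to detect, can be illustrated in code. The following is an added example written for this page, not NCSC's own code: a hypothetical service hands each internal component a narrowly scoped capability (least privilege), records every access decision in an audit log, and a simple detector flags components that repeatedly attempt actions outside their scope. Component names, resources and the sample data are all constructed for the illustration.

```python
"""Added example: least-privilege capabilities plus an audit log that makes
misuse visible. All names and data below are constructed, not from NCSC."""
from collections import Counter
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Capability:
    """A component's scoped permissions: a set of (resource, action) pairs."""
    component: str
    allowed: frozenset


@dataclass
class AuditLog:
    """Append-only record of every access decision, permitted or denied."""
    events: list = field(default_factory=list)

    def record(self, component, resource, action, permitted):
        self.events.append({
            "component": component,
            "resource": resource,
            "action": action,
            "permitted": permitted,
        })


class Service:
    """Toy service whose data stores are only reachable through a capability check."""

    def __init__(self, audit):
        self.audit = audit
        # Constructed sample data.
        self.store = {"users": {"alice": "alice@example.test"}, "reports": {}}

    def access(self, cap, resource, action, payload=None):
        permitted = (resource, action) in cap.allowed
        # Every decision is logged before it is enforced, so a compromised
        # component cannot act without leaving a trace.
        self.audit.record(cap.component, resource, action, permitted)
        if not permitted:
            raise PermissionError(f"{cap.component} may not {action} {resource}")
        if action == "read":
            return dict(self.store[resource])
        if action == "write":
            self.store[resource].update(payload or {})
            return True
        raise ValueError(f"unknown action {action!r}")


# Hypothetical components. The reporting component needs to read users and
# maintain reports; it has no business writing to the user store.
REPORTING = Capability("reporting", frozenset({
    ("users", "read"), ("reports", "read"), ("reports", "write"),
}))
ACCOUNTS = Capability("accounts", frozenset({
    ("users", "read"), ("users", "write"),
}))


def denied_attempts_by_component(audit, threshold=3):
    """Detection rule: components with `threshold` or more denied actions."""
    counts = Counter(e["component"] for e in audit.events if not e["permitted"])
    return {c: n for c, n in counts.items() if n >= threshold}


def simulate_compromised_reporting():
    """Model a compromised reporting component trying to alter user records.

    Returns the (unchanged) user record and the detector's findings, showing
    that the blast radius is limited and the attempts are visible."""
    audit = AuditLog()
    svc = Service(audit)
    svc.access(REPORTING, "users", "read")  # legitimate, within scope
    for _ in range(3):
        try:
            svc.access(REPORTING, "users", "write", {"alice": "changed@example.test"})
        except PermissionError:
            pass  # out of scope: denied and logged
    return svc.store["users"]["alice"], denied_attempts_by_component(audit)


if __name__ == "__main__":
    print(simulate_compromised_reporting())
```

The design choice worth noting is that the audit record is written before the permission check is enforced, so denied attempts are never silently dropped; the detector then only has to count them. In a real service the log would go to a separate, append-only sink that the components themselves cannot modify.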
We have published a set of security design principles which can be used by technical architects and developers to guide the design process.
Source: NCSC