The trusted perimeter of the system
Trustboundary
Trustedcomponent list
Mechanismbetween untrusted component and trusted component.
The security mechanism between internalcomponents
ConfigurationManagement, especially Key management
Patch,including OS, used software and software itself
Secure storage
The security mechanism between externalcomponents and internal components
Input/outputdata flow
Authentication& Authorization
Communication:
Encrypteddata to avoid leak message
Measuresto avoid replay attack
Howto avoid Replay attack
Availability:
Redundancymechanism
Loadbalance
Recoverymechanism
Backup/ Replication
Monitorcomponent’s status
Common security concern:
Audit mechanism ( Log / IDS)
如果有更多的建议,希望能够回复本博客,列举出来!谢谢!