How were the original Internet requirements met through its design? What are the two main requirements that you see missing from the original design that are much needed today?
Answer:-
Communication is a Requirement
Good communication is required to set, meet, and maintain expectations. Our proposal, project plan, and invoices should align all expectations regarding the website design project.
Creating the Blueprint
The combination of project goals and expected results drive our team to strategic decisions for every web design and content deliverable in our process.
At the risk of taking a cheap shot at H. Clinton supporters, one thing you DO NOT do is ask the IT guy from your office to cobble something together in your basement.
In fact, as a general rule, if you have to ask this question, then don’t even attempt to do it; the only useful answer I can give is “Hire a professional who knows how to do it because he or she has years of special training followed by a lengthy apprenticeship”.
However, in the spirit of Quora, I will try to answer the question to the best of my ability.
First, determine what you mean by “high security”. Does it have to withstand attack by the NSA, or their Russian or Chinese counterparts? Are you trying to protect Amazon’s secret plans to take over Quora? Or is your idea of “high security” to prevent your spouse from knowing where you go on the Internet when you’re in the privacy of your home office?
What you’re trying to protect will determine how much time, effort, and money you are willing to put into designing your secure system.
Let’s say you’re designing a secure tactical communications network for your government’s military, to carry Secret information.
To get such a system approved, you need two things - Certification, and Accreditation.
Certification means that the system has met all the security-related design requirements. Accreditation means that someone appointed by the government is willing to put his or her personal reputation on the line by signing off on it.
You need to be familiar with the relevant guidelines; in the US, download “Special Publication 800-37 Revision 1”, aka “Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach” from the NIST website; this is their six-step Risk Management Framework.
There is also a whole library of Federal Information Processing Standards (FIPS), including (but certainly not limited to)
FIPS 202: SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions;
FIPS 201-2 Personal Identity Verification (PIV) of Federal Employees and Contractors;
FIPS 200 Minimum Security Requirements for Federal Information and Information Systems;
FIPS 199 Standards for Security Categorization of Federal Information and Information Systems;
FIPS 198-1 The Keyed-Hash Message Authentication Code (HMAC);
FIPS 197 Advanced Encryption Standard (AES);
FIPS 186-4 Digital Signature Standard (DSS);
FIPS 180-4 Secure Hash Standard (SHS);
FIPS 140-2 Security Requirements for Cryptographic Modules (including Annex A: Approved Security Functions; Annex B: Approved Protection Profiles; Annex C: Approved Random Number Generators; Annex D: Approved Key Establishment Techniques);
and the list goes on.
If you’re not in the US, download the NIST SP and FIPS publications anyway, because good security is good security.
If you’re looking for a highly secure personal system that will be located in your basement and you don’t have to get it formally accredited by