Wednesday 14 August 2013

Security.....

10 Immutable Laws of Security

I love this page from Microsoft declaring the 10 laws of security..... Most of which, I have to say, is just good old common sense. But then again there are a lot of stupid people out there!!


Here at the Microsoft Security Response Center, we investigate thousands of security reports every year. In some cases, we find that a report describes a bona fide security vulnerability resulting from a flaw in one of our products; when this happens, we develop a patch as quickly as possible to correct the error. (See "A Tour of the Microsoft Security Response Center"). In other cases, the reported problems simply result from a mistake someone made in using the product. But many fall in between. They discuss real security problems, but the problems don't result from product flaws. Over the years, we've developed a list of issues like these, that we call the 10 Immutable Laws of Security.

Don't hold your breath waiting for a patch that will protect you from the issues we'll discuss below. It isn't possible for Microsoft—or any software vendor—to "fix" them, because they result from the way computers work. But don't abandon all hope yet—sound judgment is the key to protecting yourself against these issues, and if you keep them in mind, you can significantly improve the security of your systems.

Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore
Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore
Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore
Law #4: If you allow a bad guy to upload programs to your website, it's not your website any more
Law #5: Weak passwords trump strong security
Law #6: A computer is only as secure as the administrator is trustworthy
Law #7: Encrypted data is only as secure as the decryption key
Law #8: An out of date virus scanner is only marginally better than no virus scanner at all
Law #9: Absolute anonymity isn't practical, in real life or on the Web
Law #10: Technology is not a panacea
