Today when clearing up my desk, I ran across some old stained printouts called the 10 Immutable laws of security. Reading them again, I see the information still stands today so I thought why not sharing these with you.
10 Immutable Laws of Security: see essay on http://technet.microsoft.com/en-us/library/cc722487.aspx
- Law #1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore
- Law #2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore
- Law #3: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore
- Law #4: If you allow a bad guy to upload programs to your website, it’s not your website any more
- Law #5: Weak passwords trump strong security
- Law #6: A computer is only as secure as the administrator is trustworthy
- Law #7: Encrypted data is only as secure as the decryption key
- Law #8: An out of date virus scanner is only marginally better than no virus scanner at all
- Law #9: Absolute anonymity isn’t practical, in real life or on the Web
- Law #10: Technology is not a panacea
10 Immutable Laws of Security Administration: see essay on http://technet.microsoft.com/en-us/library/cc722488.aspx
- Law #1: Nobody believes anything bad can happen to them, until it does
- Law #2: Security only works if the secure way also happens to be the easy way
- Law #3: If you don’t keep up with security fixes, your network won’t be yours for long
- Law #4: It doesn’t do much good to install security fixes on a computer that was never secured to begin with
- Law #5: Eternal vigilance is the price of security
- Law #6: There really is someone out there trying to guess your passwords
- Law #7: The most secure network is a well-administered one
- Law #8: The difficulty of defending a network is directly proportional to its complexity
- Law #9: Security isn’t about risk avoidance; it’s about risk management
- Law #10: Technology is not a panacea