-
April 21st, 2005, 02:57 PM
#1
10 Worst Security Practices
This article on the 10 worst security practices and what to do instead is excellent. The article accurately reflects real life and I highly recommend it as a must read if you are involved in enterprise level security. I agree with every single point made by the author, which is rare.
http://www.securitypipeline.com/159900223
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
April 21st, 2005, 03:43 PM
#2
Good read.
Thanks much.
edit -- bah can't assign greenies, must spread ap's around.
-
April 21st, 2005, 03:50 PM
#3
That's ok, I did for you.
-
April 21st, 2005, 03:50 PM
#4
Great article..Thanks
"Security isn't something that you buy, it's something you do,"
Lots of good tips....
I like the password one...cause making it too hard for them... you're just asking for them to write it down.
My new thing is using pass-phrases...appears the users do mind that too much.
As for the data...I have always locked down data\machine access...depending on the role of the user.
Again excellent article..and links.
One of the many reasons I visit AO...as I rarely have time to search out\read through the vast amount of articles out there,
...and greatly appreciate recommendations from AO members
Mlf
How people treat you is their karma- how you react is yours-Wayne Dyer
-
April 21st, 2005, 07:03 PM
#5
Yeah, it's rare that I find an article that I agree with 100%. Many are written by non-practicing security folks or worse, those with very little experience.
All points are excellent but my two favorite things mentioned are:
1) Ignore the human element.
2) To run a tight ship, take an authoritarian approach.
These things, to me, are huge.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
April 21st, 2005, 07:14 PM
#6
Uh.. shouldn't it be 11? (or am I miscounting something?)
-
April 21st, 2005, 07:28 PM
#7
The ability to explain the situation so that the user forms the opinion that what they asked for is wrong before you have to say no is huge. If they think they have some kind of ownership of a decision it's a lot easier to get them onboard for things in the future.
"You got a mouth like an outboard motor..all the time putt putt putt" - Foghorn Leghorn
-
April 21st, 2005, 07:37 PM
#8
Good article, thanks for posting it. I don't think it can be stressed enough just how important the human element is in regards to network security.
Make sure security is highly visible, even intrusive. In-your-face security is an invitation for people to find workarounds. Take the typical morning routine: First, users log on with passwords to Windows, then the Novell server, then the salesforce application. Once connected, they get constant alerts from your desktop firewall, your spam filter, your antivirus scanner.
The result? Once some users log on, they never log off, even when leaving for the evening, because it's such a pain to repeat the procedure. And many users lower the settings on desktop firewalls and scanners to the weakest level to shut them up.
I can definitely relate to this one, as at the company I work at users sometimes don't log out after hours for one reason or another. Luckily we can monitor them and remotely restart the machines to avoid possible security holes if necessary.
And so at last the beast fell and the unbelievers rejoiced. But all was not lost, for from the ash rose a great bird. The bird gazed down upon the unbelievers and cast fire and thunder upon them. For the beast had been reborn with its strength renewed, and the followers of Mammon cowered in horror. -from The Book of Mozilla, 7:15