Ten Immutable Laws Of Security

Interesting article on TechNet:

Law #1:

If a bad guy can persuade you to run his program on your computer, it’s not solely your computer anymore.

Law #2:

If a bad guy can alter the operating system on your computer, it’s not your computer anymore.

Law #3:

If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.

Law #4:

If you allow a bad guy to run active content in your website, it’s not your website any more.

Law #5:

Weak passwords trump strong security.

Law #6:

A computer is only as secure as the administrator is trustworthy.

Law #7:

Encrypted data is only as secure as its decryption key.

Law #8:

An out-of-date antimalware scanner is only marginally better than no scanner at all.

Law #9:

Absolute anonymity isn’t practically achievable, online or offline.

Law #10:

Technology is not a panacea.

http://technet.microsoft….y/hh278941.aspx

This entry was posted in Security by James.

About James

I am an Infrastructure Systems Administrator in the Infrastructure Systems Group (ISG) within ISS. We are responsible for a number of the core services which support the IT Infrastructure of the University including Active Directory, Exchange, DNS, Central Filestore, VMware and SQL. I hold a number of current Microsoft Certifications and am also a Symantec Certified Specialist (Netbackup). http://twitter.com/JamesAPocock
