Immutable Laws of Security


http://encarta.msn.com/dictionary_1861620314/immutable.html

im·mu·ta·ble [ i myootəb’l ]

adjective 

Definition:

unchanging or unchangeable: not changing or not able to be changed

I intend to write some security-related postings in the near future on my blog, and before I do so, it is critical that you have an understanding of some of the basics of Computer/Network/User security.

Going forward, you should be able to see all of my Security Related postings here:

http://blogs.technet.com/seanearp/archive/tags/security/default.aspx

and I would in particular recommend that you read the post on passwords here: Windows Server Longhorn Per User Password Policy

As part of the foundational reading, it is critical that you read the two following TechNet articles on the Immutable Laws of Security.  One thing that you will find is that these laws are technology and time agnostic.  They apply across platforms and across new releases of Operating Systems (even ours). The lists would be valuable printed and pasted to your cubicle wall, and for a discussion on each of the laws, click on the “10 Immutable Laws” links. To that end, I give you:

10 Immutable Laws of Security

  • Law #1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore
  • Law #2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore
  • Law #3: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore
  • Law #4: If you allow a bad guy to upload programs to your website, it’s not your website any more
  • Law #5: Weak passwords trump strong security
  • Law #6: A computer is only as secure as the administrator is trustworthy
  • Law #7: Encrypted data is only as secure as the decryption key
  • Law #8: An out of date virus scanner is only marginally better than no virus scanner at all
  • Law #9: Absolute anonymity isn’t practical, in real life or on the Web
  • Law #10: Technology is not a panacea

10 Immutable Laws of Security Administration

  • Law #1: Nobody believes anything bad can happen to them, until it does
  • Law #2: Security only works if the secure way also happens to be the easy way
  • Law #3: If you don’t keep up with security fixes, your network won’t be yours for long
  • Law #4: It doesn’t do much good to install security fixes on a computer that was never secured to begin with
  • Law #5: Eternal vigilance is the price of security
  • Law #6: There really is someone out there trying to guess your passwords
  • Law #7: The most secure network is a well-administered one
  • Law #8: The difficulty of defending a network is directly proportional to its complexity
  • Law #9: Security isn’t about risk avoidance; it’s about risk management
  • Law #10: Technology is not a panacea