Immutable Laws of Security

https://encarta.msn.com/dictionary_1861620314/immutable.html

im·mu·ta·ble [ /ɪˈmjuːtəbəl/ ]

adjective 

Definition:

unchanging or unchangeable: not changing or not able to be changed

I intend to write some security-related postings on my blog in the near future, and before I do so, it is critical that you have an understanding of some of the basics of computer, network and user security.

Going forward, you should be able to see all of my Security Related postings here:

https://blogs.technet.com/seanearp/archive/tags/security/default.aspx

and I would in particular recommend that you read the post on passwords here: Windows Server Longhorn Per User Password Policy

As part of the foundational reading, it is critical that you read the two following TechNet articles on the Immutable Laws of Security. One thing that you will find is that these laws are technology- and time-agnostic: they apply across platforms and across new releases of operating systems (even ours). The lists are worth printing and pasting to your cubicle wall, and for a discussion of each of the laws, click on the "10 Immutable Laws" links. To that end, I give you:

10 Immutable Laws of Security

  • Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore
  • Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore
  • Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore
  • Law #4: If you allow a bad guy to upload programs to your website, it's not your website any more
  • Law #5: Weak passwords trump strong security
  • Law #6: A computer is only as secure as the administrator is trustworthy
  • Law #7: Encrypted data is only as secure as the decryption key
  • Law #8: An out of date virus scanner is only marginally better than no virus scanner at all
  • Law #9: Absolute anonymity isn't practical, in real life or on the Web
  • Law #10: Technology is not a panacea

10 Immutable Laws of Security Administration

  • Law #1: Nobody believes anything bad can happen to them, until it does
  • Law #2: Security only works if the secure way also happens to be the easy way
  • Law #3: If you don't keep up with security fixes, your network won't be yours for long
  • Law #4: It doesn't do much good to install security fixes on a computer that was never secured to begin with
  • Law #5: Eternal vigilance is the price of security
  • Law #6: There really is someone out there trying to guess your passwords
  • Law #7: The most secure network is a well-administered one
  • Law #8: The difficulty of defending a network is directly proportional to its complexity
  • Law #9: Security isn't about risk avoidance; it's about risk management
  • Law #10: Technology is not a panacea
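Law #5 of the first list (weak passwords trump strong security) and Law #6 of the second (there really is someone out there trying to guess your passwords) are easy to nod along to and hard to feel until you look at your own authentication logs. The script below is an added illustration of the defender's side of those two laws; it is not part of the original post or of any Microsoft tool. It parses a handful of constructed SSH-style log lines (the hostnames, usernames and addresses are made up for the example), flags any source that fails authentication at least `threshold` times inside a sliding time window, records which accounts were tried, and notes whether the burst was followed by a successful logon from the same source, which is the case an administrator most needs to see.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (syslog-like, ISO timestamps); not from any real system.
# One source guesses five passwords in seven seconds and then gets in; another
# user simply mistypes once and logs on later.
SAMPLE_LOG = """\
2008-03-01T10:00:01 auth-srv sshd: Failed password for admin from 203.0.113.7
2008-03-01T10:00:03 auth-srv sshd: Failed password for admin from 203.0.113.7
2008-03-01T10:00:05 auth-srv sshd: Failed password for root from 203.0.113.7
2008-03-01T10:00:06 auth-srv sshd: Failed password for guest from 203.0.113.7
2008-03-01T10:00:08 auth-srv sshd: Failed password for admin from 203.0.113.7
2008-03-01T10:00:10 auth-srv sshd: Accepted password for admin from 203.0.113.7
2008-03-01T10:05:00 auth-srv sshd: Failed password for alice from 198.51.100.20
2008-03-01T11:30:00 auth-srv sshd: Accepted password for alice from 198.51.100.20
"""

# Assumed line layout for this example: "<timestamp> <host> sshd: <Failed|Accepted> password for <user> from <src>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd: (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse(log_text):
    """Yield one event dict per recognised line; silently skip lines that do not match."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        yield {
            "ts": datetime.fromisoformat(m.group("ts")),
            "result": m.group("result"),
            "user": m.group("user"),
            "src": m.group("src"),
        }


def find_guessing(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return a list of findings, one per source that reached `threshold` failures
    within `window`. Each finding records the burst and any later success from
    the same source, which is the signal that a guess actually worked."""
    recent_failures = defaultdict(list)  # src -> [(ts, user), ...] inside the window
    findings = {}                        # src -> finding dict, created once per source

    for ev in parse(log_text):
        src = ev["src"]
        if ev["result"] == "Failed":
            recent_failures[src].append((ev["ts"], ev["user"]))
            # Slide the window: keep only failures no older than `window` before this one.
            recent_failures[src] = [f for f in recent_failures[src] if ev["ts"] - f[0] <= window]
            burst = recent_failures[src]
            if len(burst) >= threshold and src not in findings:
                findings[src] = {
                    "src": src,
                    "first": burst[0][0],
                    "last": ev["ts"],
                    "failures": len(burst),
                    "users": sorted({user for _, user in burst}),
                    "success_after": None,
                }
            elif src in findings:
                findings[src]["last"] = ev["ts"]
                findings[src]["failures"] += 1
        elif src in findings and findings[src]["success_after"] is None:
            # A success from a source already flagged for guessing: treat as a likely compromise.
            findings[src]["success_after"] = (ev["ts"], ev["user"])

    return sorted(findings.values(), key=lambda f: f["first"])


if __name__ == "__main__":
    for f in find_guessing(SAMPLE_LOG):
        print(f"{f['src']}: {f['failures']} failures between {f['first']:%H:%M:%S} and "
              f"{f['last']:%H:%M:%S}, accounts tried: {', '.join(f['users'])}")
        if f["success_after"]:
            ts, user = f["success_after"]
            print(f"  followed by a successful logon as {user!r} at {ts:%H:%M:%S} -- investigate")
```

The threshold and window are deliberately parameters rather than constants: a single mistyped password, like the `alice` line above, should not page anyone, whereas several accounts tried from one address in seconds should. The point of the example is the last branch: an attacker who guesses correctly produces a success event that looks ordinary on its own, so the detection has to remember the failures that preceded it.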