The 10 Security Commandments

  • 0

The 10 Security Commandments

  1. Thou shalt install security patches. Exploiting vulnerabilities is one of the main infection vectors. To prevent intrusions, keep the operating systems and all its applications always updated.
  2. Thou shalt audit. Keep a record of logs and everything that goes on in the systems in order to detect security gaps in servers and anything that has access to sensitive information.
  3. Thou shalt use security technologies. The basic combination of antivirus, antispam, and firewall software is only the starting point. They should be complemented with other tools, such as intrusion detection systems (IDS), honeypots, and encryption software.
  4. Thou shalt implement security policies. These documents define the best practices, limit the actions of users on information resources, and state their responsibilities towards them.
  5. Thou shalt use strong, unique passwords. These are the access keys to all resources such as servers, mail, data, and network gear. They must be strong and have to be stored in specialized password managers to minimize the risk of unauthorized access.
  6. Thou shalt grant your users limited rights. Administrative rights should be granted only to very small groups, as they could be exploited by malware to perform actions on the file system or install unauthorized programs.
  7. Thou shalt use legitimate software. Downloading applications from unknown or illegitimate sources may install trojanized software or malware.
  8. Thou shalt educate your users. User security training regarding the proper use of technologies, data protection and existing threats can be implemented through training talks, posters and login messages.
  9. Thou shalt not make unjustified exceptions. Security policies should be applied consistently throughout the whole network. Making unjustified exceptions for a manager, a friend, or a developer exposes company to Risk, even though the rest of the users comply with the policies.
  10. Thou shalt know the security trends. Cyberthreats and techniques are constantly evolving. Meanwhile, security measures are developed and improved to fight them.     Reading http://www.welivesecurity.com is as fine a start as any.

List adapted from http://www.welivesecurity.com/2016/07/29/10-security-commandments-every-sysadmin/