Keep Security Simple
How do you keep security simple? One way is to break security down into discrete objectives:
- Keep services running and info away from attackers. // Deny access by default
- Allow the right users access to the right info. // least privilege
- Defend every layer as if it were the last layer of defense. // defense in depth
- Keep a record of attempts to access info. // audit logs
- Compartmentalise and isolate resources as much as possible.
- Don't make the same mistakes that everyone else makes.
- Don't let the aforementioned objectives cost too much.
Adapted from the book Assessing Network Security by Ben Smith, David LeBlanc, and Kevin Lam.