10 Immutable Laws of Security
I was browsing the MSDN Blogs and come across this interesting post in the IEBlog about SSL and TLS security. Digging through, I ended up with this quite informative Microsoft TechNet article.
The 10 Immutable Laws of Security:
The 10 Immutable Laws of Security:
- Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore
- Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore
- Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore
- Law #4: If you allow a bad guy to upload programs to your website, it's not your website any more
- Law #5: Weak passwords trump strong security
- Law #6: A computer is only as secure as the administrator is trustworthy
- Law #7: Encrypted data is only as secure as the decryption key
- Law #8: An out of date virus scanner is only marginally better than no virus scanner at all
- Law #9: Absolute anonymity isn't practical, in real life or on the Web
- Law #10: Technology is not a panacea
0 Comments:
Post a Comment
<< Home