- My Response to "Sparky's List"
- • Deploy defense-in-depth
- Please tell me what defense-in-depth is and how you implement it. It’s a lot like saying a good way to be secure is to be secure.
- •Use a strict information security policy
- Easier said than implemented, but overall I agree.
- •Have regular audits of your security by an outside firm
- Good advice.
- •Use IDS or IPS
- Why wouldn’t you?
- •Teach your staff about information security
- Security awareness is one of the most important things a security team can implement. Every few companies invest the resources needed in this area.
- •Teach your staff about social engineering
- See above.
- •Keep your software and hardware up to date
- This is a great tip. Patched software and hardware stops a ton of hacks.
- •Watch security sites for news on computer security and learn what the new attacks are
- Agreed. Also run the tools mentioned in the attacks against your systems.
- •Let your sysadmins go to defcon ;D
- Why? How would spending limited training funds to send our sysadmins to defcon be smarter than sending them to a SANS class?
- •Get good sysadmins who understand security
- Also get unicorns who grants wishes. (Its easy to say, hard to find)
- •Encrypt your data (something like AES-256)
- All of your data? While its at rest? Always? Why?
- •Use spam filters
- Who doesn’t?
- •Keep an eye on what information you are letting out into the public domain
- True. If the information isn’t on the internet it can’t be leaked.
- •Use good physical security. What good is all the [security] software if someone could just walk in and take [your “secure” systems]?
- Not much? You are at a greater risk of attack from an online hack than you are from someone walking and stealing your server though.
a guest Sep 1st, 2011 599 Never
RAW Paste Data