Pastebin launched a little side project called VERYVIRAL.com, check it out ;-) Want more features on Pastebin? Sign Up, it's FREE!
Guest

Sparky

By: a guest on Sep 1st, 2011  |  syntax: None  |  size: 1.80 KB  |  views: 597  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. My Response to "Sparky's List"
  2.  
  3.  
  4. • Deploy defense-in-depth
  5. Please tell me what defense-in-depth is and how you implement it. It’s a lot like saying a good way to be secure is to be secure.  
  6.  
  7. •Use a strict information security policy
  8. Easier said than implemented, but overall I agree.
  9.  
  10. •Have regular audits of your security by an outside firm
  11. Good advice.
  12.  
  13. •Use IDS or IPS
  14. Why wouldn’t you?
  15.  
  16. •Teach your staff about information security
  17. Security awareness is one of the most important things a security team can implement. Every few companies invest the resources needed in this area.
  18.  
  19. •Teach your staff about social engineering
  20. See above.
  21.  
  22. •Keep your software and hardware up to date
  23. This is a great tip. Patched software and hardware stops a ton of hacks.
  24.  
  25. •Watch security sites for news on computer security and learn what the new attacks are
  26. Agreed. Also run the tools mentioned in the attacks against your systems.
  27.  
  28. •Let your sysadmins go to defcon ;D
  29. Why? How would spending limited training funds to send our sysadmins to defcon be smarter than sending them to a SANS class?
  30.  
  31. •Get good sysadmins who understand security
  32. Also get unicorns who grants wishes. (Its easy to say, hard to find)
  33.  
  34. •Encrypt your data (something like AES-256)
  35. All of your data? While its at rest? Always? Why?
  36.  
  37. •Use spam filters
  38. Who doesn’t?
  39.  
  40. •Keep an eye on what information you are letting out into the public domain
  41. True. If the information isn’t on the internet it can’t be leaked.
  42.  
  43. •Use good physical security. What good is all the [security] software if someone could just walk in and take [your “secure” systems]?
  44. Not much? You are at a greater risk of attack from an online hack than you are from someone walking and stealing your server though.
clone this paste RAW Paste Data