Immutable Laws of Security
https://encarta.msn.com/dictionary_1861620314/immutable.html
im·mu·ta·ble [ i my?t?b'l ]
adjective
Definition:
unchanging or unchangeable: not changing or not able to be changed
I intend to write some security-related postings in the near future on my blog, and before I do so, it is critical that you have an understanding of some of the basics of Computer/Network/User security.
Going forward, you should be able to see all of my Security Related postings here:
https://blogs.technet.com/seanearp/archive/tags/security/default.aspx
and I would in particular recommend that you read the post on passwords here: Windows Server Longhorn Per User Password Policy
As part of the foundational reading, it is critical that you read the two following TechNet articles on the Immutable Laws of Security. One thing that you will find is that these laws are technology and time agnostic. They apply across platforms and across new releases of Operating Systems (even ours). The lists would be valuable printed and pasted to your cubicle wall, and for a discussion on each of the laws, click on the "10 Immutable Laws" links. To that end, I give you:
10 Immutable Laws of Security
- Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore
- Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore
- Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore
- Law #4: If you allow a bad guy to upload programs to your website, it's not your website any more
- Law #5: Weak passwords trump strong security
- Law #6: A computer is only as secure as the administrator is trustworthy
- Law #7: Encrypted data is only as secure as the decryption key
- Law #8: An out of date virus scanner is only marginally better than no virus scanner at all
- Law #9: Absolute anonymity isn't practical, in real life or on the Web
- Law #10: Technology is not a panacea
10 Immutable Laws of Security Administration
- Law #1: Nobody believes anything bad can happen to them, until it does
- Law #2: Security only works if the secure way also happens to be the easy way
- Law #3: If you don't keep up with security fixes, your network won't be yours for long
- Law #4: It doesn't do much good to install security fixes on a computer that was never secured to begin with
- Law #5: Eternal vigilance is the price of security
- Law #6: There really is someone out there trying to guess your passwords
- Law #7: The most secure network is a well-administered one
- Law #8: The difficulty of defending a network is directly proportional to its complexity
- Law #9: Security isn't about risk avoidance; it's about risk management
- Law #10: Technology is not a panacea