Quote:
Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore.
Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore.
Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore.
Law #4: If you allow a bad guy to upload programs to your web site, it's not your web site any more.
Law #5: Weak passwords trump strong security.
Law #6: A machine is only as secure as the administrator is trustworthy.
Law #7: Encrypted data is only as secure as the decryption key.
Law #8: An out of date virus scanner is only marginally better than no virus scanner at all.
Law #9: Absolute anonymity isn't practical, in real life or on the web.
Law #10: Technology is not a panacea.
1) You mean like what is done automatically with IE? Okay, low blow there, but it's true.
2) Yep.
3) So true. Get a firewall.
4) *cough* *cough* Run Apache *cough*
5) Instead of using the recommended Biometrics as recommended (impractical unless you really need the security), use random passwords. Some password generators make random-but-easy-to-remember passwords 5 chars in length. Always add numbers and symbols to a password (makes it harder to crack). Get in the habit, unlike me, of changing critical passwords every month or so (especially important for websites).
6) If using a UNIX/Linux system, be very very careful who gets access to the root password. That goes along with this rule.
7) This is where programs like PGP and GPG come in handy (for the uninitiated, both programs encrypt so that the information is locked by 1 key, but can only be unlocked by another, different key (the public and private keys)).
8) Yep
9) Yep
10) Highlight the part about social engineering.