At the end of the article, it mentioned briefly on how to defense in depth against threats and attacks. I find it a good reminder for everyone of us.
- Least privilege access
– to help ensure that users have the minimum access to do their job
- Decouple security from administration
– don’t allow non-security personnel to change security settings
- Fine-grained control over admin access
– helps contain the damage if a system is breached
- Shared account management
– to eliminate shared passwords and improve accountability
- User activity auditing
– track and audit all access to help identify potential attack attempts
- Information protection
– control not only access to information, but its use
Very common-sense advice, but how many of us really practice it at all times? :)
.
No comments:
Post a Comment