Thursday, July 25, 2013

Defense In Depth

I came across this article from CA that talks about security threats and attacks.

At the end, the article briefly mentions how to apply defense in depth against threats and attacks. I find it a good reminder for every one of us.

  • Least privilege access – to help ensure that users have the minimum access to do their job
  • Decouple security from administration – don’t allow non-security personnel to change security settings
  • Fine-grained control over admin access – helps contain the damage if a system is breached
  • Shared account management – to eliminate shared passwords and improve accountability
  • User activity auditing – track and audit all access to help identify potential attack attempts
  • Information protection – control not only access to information, but its use

Very common-sense advice, but how many of us really practice it at all times? :)


