The Immutable Laws of Security

Discussion in 'other security issues & news' started by ronjor, Nov 4, 2011.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
    https://www.securityweek.com/immutable-laws-security
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    These are similar, if not the same, as Microsoft's official "laws of security."

    #2 is the one I agree with most.

    #7 is probably the one that most interests me.
     
  3. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Number 7 is especially true, when you consider that every bit of technology that is created can be used for or against you.
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I think it's more of the idea that there's not a program in the world that will protect every computer equally (or rather properly) on its own. You cannot simply install a program and have it lock down all the right places just the right way.

    Policies are tailored to situations. Software alone cannot create strong policy - only generic policy.
     
  5. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Those "laws" apply to conventional default-permit security policies and the average user. I don't accept "laws" 2, 3, 4, and 5.
    2, Nothing on this PC is done the "easy way." It's all default-deny.
    3, I haven't installed a security fix in ages. Very few of my user apps are up to date.
    4, I have no virus scanner. They're unnecessary.
    5, Eternal vigilance? Not needed when default-deny handles that for me. My "vigilance" is limited to obeying the policies I've set and testing the occasional zero-day. Beyond that, I don't worry about it.

    IMO, these are the real laws. The Six Dumbest Ideas in Computer Security. They've served me well for many years.
     
  6. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    =p and that's the problem with default-deny. Easy is important. It brings security into the user's hands.

    I agree that 5 isn't necessary.
    I agree that 3 isn't necessary - though to a lesser extent.
     
  7. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    The Microsoft version 2.0 is here and in my sig ;)
     
  8. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Oh and I definitely disagree with some of those "Dumbest" ones.
     
  9. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    If you're one who is always changing or updating your system, yes, default-deny can be a pain. If your system is equipped the way you want it and does what you need, which mine is, then you want it to be the same day after day, month after month. For me, default-deny enforces an even more basic policy, anti-change. Altering this system requires administrative passwords and performing a lot of steps in a very specific sequence in order to prevent changes from automatically being undone by a reboot. Without the passwords, the worst anything could do is drop useless files on it, which will be detected. I don't want it to be easy to casually alter it, even for me. My needs are simple. I want secure, reliable, and consistent performance.
     
  10. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I meant that default-deny brings it into the user's hands. I was really unclear.

    Your needs are your needs =p and your solution fits it. I would always argue that "easy" security is the best, though, whether other methods work on a per-user basis or not.
     