Skip to main content

Posts

Showing posts from August, 2007

Protect Your Windows Network

Protect Your Windows Network From Perimeter to Data by Jesper M. Johansson and Steve Riley 1 - Introduction to Network Protection Information technology is working properly only when users can stop thinking about how or why it works Security Management is about spending good money to have nothing happen Fundamental Tradeoffs are between Cost, Level of Security, and Usefullness/Usability Microsoft Library - Security Center A protected network is one with an absence of unmitigated vulnerabilities that can be used to compromise the network To have a truly secure network you must enumerate every place where it might be insecure and demonstrate that it is not insecure in any of them. This is only possible in theory not in practice (i.e. Chasing Unicorns) 2 - Anatomy of a Hack No network is any more secure than the least-secure device connected to it SQL injection is a vulnerability in the application, not the DBMS itself The only proper way to clean a compromised system is to nuke and pav