Showing posts from August, 2007

Protect Your Windows Network

Protect Your Windows Network From Perimeter to Data

by Jesper M. Johansson and Steve Riley



1 - Introduction to Network Protection

Information technology is working properly only when users can stop thinking about how or why it works

Security Management is about spending good money to have nothing happen

Fundamental Tradeoffs are between Cost, Level of Security, and Usefulness/Usability

Microsoft Library - Security Center

A protected network is one with an absence of unmitigated vulnerabilities that can be used to compromise the network

To have a truly secure network you must enumerate every place where it might be insecure and demonstrate that it is not insecure in any of them. This is only possible in theory, not in practice (i.e. Chasing Unicorns)

2 - Anatomy of a Hack

No network is any more secure than the least-secure device connected to it

SQL injection is a vulnerability in the application, not the DBMS itself

The only proper way to clean a compromised system is to nuke and pave it

3 - Pat…