“Defense in Depth.” This is a fundamental principle of information security. Essentially it means that you add layers of security so you don’t rely on a single point of failure in your security model. For instance, if you have a hardware firewall for your network, you also run a software firewall on your desktop computers. […]
Note: While some of the content in this post is dated and no longer applicable, the principles and techniques remain valid as of late 2014. If you’ve read my previous post on why administrative rights over your computer are a bad thing and you are motivated to do something about it, you might ask “just […]
One of the absolutely most effective ways to shield yourself from viruses and spyware is to not log on to your computer as an administrator. As soon as I say this, I usually encounter some resistance, because users think that giving up admin rights equates to giving up power. In a way, you are, but […]
Last week, I posted an article explaining why security is everyone’s concern. Today I came across another article which underscores this. The Zeus botnet apparently self-destructed last month, effectively rendering 100,000 computers across the Internet non-functional.
When I first mention information security to a client, particularly a small business, non-profit, or educational institution, I frequently get a response like this: “Nobody is interested in our network.” “We don’t have anything that anyone would want.” “Our systems aren’t that important.” “No one would steal my account/password/login.” “Why would someone want to hack […]