1. Limit admin access to systems
2. Protect privileged account passwords
3. Extend IT security awareness training
4. Limit unknown applications
5. Protect user passwords with security best practices
Simple but effective. For #1, the fewer people who have access, the harder it will be for an attacker to find somebody who has it. For #2, manage and monitor who or which systems get a privileged account, and where and how those accounts are used; don't just create them and forget about them. For #3, humans are clearly the weakest link, so a lot of time and effort needs to be spent securing them. For #4, make sure you whitelist all applications and application accounts, and don't allow anything else to run. For #5, while most experts think passwords are going the way of the dinosaur soon, for most companies that hasn't happened yet, so there's no excuse for not following best practices on strength, expiration, etc.
Copyright © 2016, this post cannot be reproduced or retransmitted in any form without reference to the original post.