mirzadedic.ca

Cybersecurity | Hybrid Cloud Infrastructure


The immutable laws of security

Law #1: If a bad guy can persuade you to run his program on your computer, it’s not solely your computer anymore.

This law highlights the fact that running a program from an untrusted source can compromise the security of your computer. Once you execute the program, it runs with your privileges: it can take control of your computer and access any information stored on it.

Law #2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore.

This law emphasizes the importance of maintaining the integrity of the operating system. If a bad actor gains access to the operating system, they can bypass all security controls and have complete control over the computer.

Law #3: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.

This law highlights the importance of physical security. If an attacker has unrestricted physical access to a computer, they can install hardware or software to bypass security controls, access sensitive data, or even steal the entire computer.

Law #4: If you allow a bad guy to run active content in your website, it’s not your website anymore.

This law highlights the danger of allowing untrusted code to run on your website. Once the attacker gains control, they can use your website to launch attacks against your users or steal their information.

Law #5: Weak passwords trump strong security.

This law emphasizes the importance of using strong passwords. No matter how many security measures are in place, a weak password can be easily guessed, allowing attackers to gain access to sensitive information.
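As an added illustration of Law #5 (this is example code written for this page, not code from the original post), the check below rejects a password for any of three reasons: it matches a breached-password list, it is too short, or its estimated entropy is too low. The breached list, the leetspeak substitution map and the assumed offline guess rate are constructed assumptions; the point it makes is that "P@ssw0rd" scores well on character classes yet falls to the very first guesses once the usual substitutions are undone.

```python
"""Password-policy check: breach-list lookup, length, and an entropy estimate.

Added illustration for Law #5; not code from the original post. The breached
password list, the leetspeak map and the guess rate are constructed assumptions.
"""
import math
import string

# Constructed stand-in for a breached-password corpus. A real check would
# consult a corpus of hundreds of millions of entries, not seven words.
BREACHED_PASSWORDS = frozenset({
    "password", "password1", "123456", "qwerty", "letmein", "welcome1", "admin",
})

# Common substitutions users apply to a dictionary word. Normalising them
# away before the lookup is what catches "P@ssw0rd".
LEET_MAP = str.maketrans(
    {"@": "a", "0": "o", "1": "i", "3": "e", "$": "s", "5": "s", "!": "i", "4": "a"}
)

# Assumed offline guess rate (guesses per second) against a leaked hash dump;
# only used to turn bits into a rough time figure.
ASSUMED_GUESS_RATE = 1e10


def normalise(pw: str) -> str:
    """Lower-case the password and undo the usual leetspeak substitutions."""
    return pw.lower().translate(LEET_MAP)


def estimate_entropy_bits(pw: str) -> float:
    """Upper-bound entropy: length * log2(size of the character classes used).

    This overestimates for patterned or dictionary passwords, which is why the
    breach-list lookup runs first and overrides the number.
    """
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(c in string.punctuation for c in pw):
        pool += len(string.punctuation)
    if pool == 0:
        return 0.0
    return len(pw) * math.log2(pool)


def check_password(pw: str, min_length: int = 12, min_bits: float = 60.0) -> dict:
    """Return a verdict together with every reason the password is rejected."""
    reasons = []
    # Either the raw lower-cased form or the de-leeted form matching the list
    # is enough: an attacker's wordlist applies the same substitution rules.
    breached = pw.lower() in BREACHED_PASSWORDS or normalise(pw) in BREACHED_PASSWORDS
    if breached:
        reasons.append("matches a breached-password list")
    if len(pw) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    bits = estimate_entropy_bits(pw)
    if bits < min_bits:
        reasons.append(f"estimated entropy {bits:.0f} bits is below {min_bits:.0f}")
    # A breached password falls on the first few guesses regardless of its
    # character-class entropy; the time figure is only meaningful otherwise.
    crack_seconds = 0.0 if breached else (2 ** bits) / ASSUMED_GUESS_RATE
    return {
        "ok": not reasons,
        "bits": round(bits, 1),
        "crack_seconds": crack_seconds,
        "reasons": reasons,
    }


if __name__ == "__main__":
    for candidate in ("P@ssw0rd", "Tr0ub4dor&3", "correct-horse-battery-staple-2024"):
        print(candidate, check_password(candidate))
```

The entropy estimate is deliberately treated as an upper bound that the breach-list result overrides: a password that appears in a leaked corpus has effectively zero bits of security whatever its character mix, which is exactly why the law says weak passwords trump strong security.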

Law #6: A computer is only as secure as the administrator is trustworthy.

This law highlights the importance of trusting the person responsible for administering a computer system. If the administrator is not trustworthy, they can intentionally or unintentionally compromise the security of the system.

Law #7: Encrypted data is only as secure as its decryption key.

This law highlights the importance of protecting encryption keys. If an attacker gains access to the key, they can decrypt and read sensitive data that was meant to be secure.

Law #8: An out-of-date antimalware scanner is only marginally better than no scanner at all.

This law emphasizes the importance of keeping security tools up to date. If the antimalware scanner is not updated, it has no signatures for malware that appeared after its last update and cannot detect it, leaving the system vulnerable to attack.
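As an added illustration of Law #8 (example code written for this page, not code from the original post), the toy scanner below runs the same three files against an old signature database and a current one, and also reports whether the database itself has passed a freshness threshold. The signature patterns, sample files, dates and the seven-day threshold are all constructed; the scanner is a plain byte-pattern match, far simpler than a real engine, but enough to show that the stale database silently misses the newer family while still reporting a clean scan for everything it does not know about.

```python
"""Signature-database staleness: the same samples scanned with an old and a
current signature set, plus a freshness check on the database itself.

Added illustration for Law #8; not code from the original post. The signature
patterns, samples, dates and the seven-day freshness threshold are constructed.
"""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Signature:
    family: str
    pattern: bytes  # byte sequence the scanner looks for (real engines use far richer rules)


@dataclass(frozen=True)
class SignatureDatabase:
    published: date
    signatures: tuple

    def age_days(self, today: date) -> int:
        return (today - self.published).days

    def is_stale(self, today: date, max_age_days: int = 7) -> bool:
        """True when the database is older than the freshness threshold."""
        return self.age_days(today) > max_age_days


def scan(sample: bytes, db: SignatureDatabase) -> list:
    """Names of the families whose pattern occurs in the sample."""
    return [sig.family for sig in db.signatures if sig.pattern in sample]


def audit(db: SignatureDatabase, labelled_samples: dict, today: date) -> dict:
    """Scan each name -> (bytes, is_malicious) sample and summarise the outcome."""
    detected, missed, false_positives = [], [], []
    for name, (data, is_malicious) in labelled_samples.items():
        hits = scan(data, db)
        if hits and is_malicious:
            detected.append(name)
        elif is_malicious:
            missed.append(name)  # the scanner said "clean" and was wrong
        elif hits:
            false_positives.append(name)
    return {
        "db_published": db.published.isoformat(),
        "stale": db.is_stale(today),
        "detected": detected,
        "missed": missed,
        "false_positives": false_positives,
    }


# Constructed markers standing in for real family signatures.
SIG_A = Signature("Family.A", b"MARKER-FAMILY-A")
SIG_B = Signature("Family.B", b"MARKER-FAMILY-B")  # family that appeared after OLD_DB shipped

OLD_DB = SignatureDatabase(published=date(2023, 1, 1), signatures=(SIG_A,))
NEW_DB = SignatureDatabase(published=date(2023, 3, 1), signatures=(SIG_A, SIG_B))

# Constructed samples: two files carrying a family marker and one benign file.
SAMPLES = {
    "invoice.exe": (b"MZ...payload...MARKER-FAMILY-A...", True),
    "update.exe": (b"MZ...payload...MARKER-FAMILY-B...", True),
    "notes.txt": (b"quarterly planning notes", False),
}

TODAY = date(2023, 3, 5)

if __name__ == "__main__":
    for db in (OLD_DB, NEW_DB):
        print(audit(db, SAMPLES, TODAY))
```

The `stale` flag is the operationally useful part: a scan result from a database that has not been updated for weeks should be treated as "unknown", not "clean", and monitoring the database age is a cheaper control than waiting for a missed detection to surface.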

Law #9: Absolute anonymity isn’t practically achievable, online or offline.

This law highlights the fact that complete anonymity is difficult to achieve. No matter how well you try to hide your identity, there is always a chance of being identified through various means.

Law #10: Technology is not a panacea.

This law emphasizes that technology is not a cure-all for security problems. While technology can provide powerful tools for securing systems, it still requires responsible management and maintenance to be effective.