10 Immutable Laws of Security
Version: 1
Last Updated: 01/01/01
University Computing and Communications Services
Network security article published in the January 2001 "Focus-IT" campus newsletter.

10 Immutable Laws of Security

In past columns I have given you advice about securing your workstation against unwanted intrusions, viruses and Trojan horses. In a series of columns beginning with this month's article, I am going to share and discuss the ramifications of an excellent article by Scott Culp entitled The Ten Immutable Laws of Security.

This month I will impart the "Ten Laws" to you; beginning next month I will discuss how some of the points directly affect you as a computer user on a wide area network with high-speed Internet access.

Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore.

Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore.

Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore.

Law #4: If you allow a bad guy to upload programs to your website, it's not your website anymore.

Law #5: Weak passwords trump strong security.

Law #6: A machine is only as secure as the administrator is trustworthy.

Law #7: Encrypted data is only as secure as the decryption key.

Law #8: An out-of-date virus scanner is only marginally better than no virus scanner at all.

Law #9: Absolute anonymity isn't practical, in real life or on the web.

Law #10: Technology is not a panacea.
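Laws #5 and #7 are easiest to appreciate side by side. The following is an added example, written for this page and not part of Culp's article or this column: a sound cipher (an HMAC-SHA256 counter-mode stream with an authentication tag, built from the Python standard library and standing in for a production cipher) protecting a constructed message. When the key is derived from a weak password, an attacker never needs to attack the cipher; he guesses the password. When the key is 32 random bytes, the same guesses get nowhere. The plaintext, salt and guess list are constructed for the demonstration.

```python
import hashlib
import hmac
import os

# Constructed sample inputs for the demonstration (not from the article).
PLAINTEXT = b"Grades for CSC 101 are attached."
SALT = b"focus-it-2001"  # fixed salt so the example is reproducible

# A very small guess list, standing in for the millions of candidates a real
# password-cracking tool would try.  Constructed for this example.
DICTIONARY = ["123456", "password", "letmein", "panthers", "qwerty", "welcome1"]


def derive_key(password: str, salt: bytes = SALT, rounds: int = 1000) -> bytes:
    """Turn a password into a 32-byte key with PBKDF2-HMAC-SHA256 (stdlib)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a keystream that is unpredictable without the key."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag.  The cipher itself holds up: without the
    key the keystream cannot be predicted, and the HMAC tag rejects tampering."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes):
    """Return the plaintext, or None when the key is wrong (tag check fails)."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ k for c, k in zip(ct, keystream(key, nonce, len(ct))))


def dictionary_attack(blob: bytes, guesses):
    """Law #5 meets Law #7: derive a key from each guessed password and try it.
    Returns (password, plaintext) on success, or None if no guess matched."""
    for guess in guesses:
        pt = decrypt(derive_key(guess), blob)
        if pt is not None:
            return guess, pt
    return None


def demo():
    # Case 1: strong cipher, weak password.  The attacker ignores the cipher
    # and guesses the password the key was derived from.
    weak_blob = encrypt(derive_key("letmein"), PLAINTEXT)
    weak_result = dictionary_attack(weak_blob, DICTIONARY)

    # Case 2: same cipher, key drawn from os.urandom.  Every guess misses.
    strong_blob = encrypt(os.urandom(32), PLAINTEXT)
    strong_result = dictionary_attack(strong_blob, DICTIONARY)
    return weak_result, strong_result


if __name__ == "__main__":
    weak, strong = demo()
    print("weak password key  ->", weak)
    print("random 32-byte key ->", strong)
```

The point of the comparison is that nothing about the cipher changed between the two cases; only the quality of the key did. A real attacker would use a wordlist of millions of entries and the same loop, which is why a password-derived key is only as strong as the password behind it.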

Help:

If you have questions, or need assistance, please contact the Help Center at help@gsu.edu or (404) 413-HELP (4357).