No root, please!

When you are dealing with system security, you need to create a secure system from the ground up. This is why you should never need root access to perform your job, even installing software.

The principle of security lies in separation of duty and protecting the core system, even if a component fails.

If you expect a component to fail, and it will, then you are better prepared to deal with it than if it catches you by surprise. There are so many exploits out there that denying a failure or security breach is only for the stupid and naive.
Continue reading »

categorie(s): security, technology, work | Leave a comment

How to handle a security incident

Or: Coping with the Human Bug

If you work in IT, just like me, every now and then you stumble into something, you shouldn’t have. Most of the times this happens because someone has given you temporary access with too many privileges. 9 out of 10 times this is for convenience. And it is wrong.

Continue reading »

categorie(s): security, technology, work | Leave a comment

strelitzia.net