[HN Gopher] Introduction to Security Good Practices
___________________________________________________________________
 
Introduction to Security Good Practices
 
Author : zdw
Score  : 17 points
Date   : 2021-05-09 19:39 UTC (3 hours ago)
 
(HTM) web link (dataswamp.org)
(TXT) w3m dump (dataswamp.org)
 
| shoto_io wrote:
| There is an entire ISO norm dealing with this btw. ISO 27k family
| to be precise.
| tasssko wrote:
| Most of these tips are covered by ISO27001 and other similar
| certifications, and I consider it MVP security. You will need to
| do more today to stay ahead, especially if you manage or protect
| valuable assets. Some tips that come to mind are: manage ingress
| traffic to your web property with a web application firewall.
| Set up machine learning to automate blacklist detection and
| dynamically update blacklists. Use the principle of least privilege
| and role-based access to manage users. Protect root accounts with
| WebAuthn; avoid using them. Set up conditional access control
| policies to ensure certain roles have more stringent constraints.
| Mind your dependencies; many future exploits will come from
| dependencies. Partition your pipelines so environments are
| isolated. Monitor egress traffic if possible. Use VPNs to connect
| environments, but don't use VPNs if you don't know how to monitor
| them (it's a complex abstraction and IPsec can be tricky). Once
| all these technical considerations are in progress, consider the
| developer onboarding process and application connectivity: try to
| implement context segmentation to avoid creating a root service, and
| make sure all activities are logged to a monitored aggregator.
| Look for suspicious activity that can originate in the source.
| The list goes on and on and on.
| johnisgood wrote:
| There is a typo below "User Management", "It" -> "If".
| 
| Yeah, I agree with most of it I think.
| I use a modified version of "pass" instead of "keepassxc", and I
| do not have anyone I really trust with pieces of my password. I
| think having a sentence as your password is the best (very easy to
| remember, difficult to crack), and you can append random characters
| to that at the end or wherever. It makes it even better if the
| sentence is not in English. :)
| 
| Thank you for reminding me of QR. There is a tool[1] written in
| Python that outputs the QR code as ASCII art to the terminal, or
| to a file as PNG. I will use it more in the future I think. You
| can get a QR scanner from F-Droid for Android. Be careful of
| executing "printf 'foo' | qr" though. Hide your processes with
| "hidepid=2" or something.
| 
| [1] https://github.com/lincolnloop/python-qrcode/
| userbinator wrote:
| I like how it avoids the tired cliche of calling them _best_
| practices.
___________________________________________________________________
(page generated 2021-05-09 23:01 UTC)
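johnisgood's warning about `printf 'foo' | qr` and `hidepid=2` comes down to one Linux detail: whatever is given to printf as an argument sits in that process's argv, and every local user can read any process's argv through /proc/<pid>/cmdline unless /proc is mounted with a hidepid option. The following is an added example (not code from the thread, from the linked article, or from python-qrcode) that parses /proc/mounts-style lines to find the hidepid setting, parses the NUL-separated /proc/<pid>/cmdline format, and reports whether a given secret would be readable by other users; the mount lines, the cmdline bytes and the secret are constructed sample values.

```python
"""Check whether /proc hides other users' process command lines.

Added example illustrating the "printf 'foo' | qr" / hidepid=2 remark in the
HN thread; not code from the thread, the article, or python-qrcode.
"""
import os
from typing import List, Optional

# Constructed /proc/mounts-style lines (fs_spec fs_file fs_vfstype fs_mntops dump pass).
SAMPLE_MOUNTS_DEFAULT = "proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0\n"
SAMPLE_MOUNTS_HARDENED = (
    "sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0\n"
    "proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2 0 0\n"
)

# Constructed /proc/<pid>/cmdline content: argv entries separated and
# terminated by NUL bytes, as the kernel exposes them.
SAMPLE_CMDLINE = b"printf\x00SECRET-TOTP-SEED\x00"

# hidepid values under which other users cannot read a process's argv.
# Numeric forms are documented in proc(5); the names are the equivalent
# spellings accepted by recent kernels.
_ARGV_HIDING = {"1", "2", "4", "noaccess", "invisible", "ptraceable"}


def proc_hidepid(mounts_text: str) -> Optional[str]:
    """Return the hidepid value on the /proc mount, or None when it is absent.

    Raises ValueError if no proc filesystem is mounted at /proc at all.
    """
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[1] != "/proc" or fields[2] != "proc":
            continue
        for opt in fields[3].split(","):
            key, _, value = opt.partition("=")
            if key == "hidepid":
                return value
        return None  # /proc is mounted, but without hidepid (kernel default)
    raise ValueError("no /proc mount found")


def argv_hidden_from_other_users(hidepid: Optional[str]) -> bool:
    """True when the hidepid setting stops other users reading /proc/<pid>/cmdline."""
    return hidepid in _ARGV_HIDING


def parse_cmdline(raw: bytes) -> List[str]:
    """Split /proc/<pid>/cmdline (NUL-separated, NUL-terminated) into argv."""
    return [arg.decode("utf-8", "replace") for arg in raw.split(b"\x00") if arg]


def secret_exposed(cmdline_raw: bytes, secret: str, mounts_text: str) -> bool:
    """True when `secret` appears in argv and /proc does not hide argv from other users."""
    in_argv = any(secret in arg for arg in parse_cmdline(cmdline_raw))
    return in_argv and not argv_hidden_from_other_users(proc_hidepid(mounts_text))


def live_proc_hidepid() -> Optional[str]:
    """Read the real /proc/mounts on Linux; returns None on systems without /proc."""
    if not os.path.exists("/proc/mounts"):
        return None
    with open("/proc/mounts") as fh:
        return proc_hidepid(fh.read())


if __name__ == "__main__":
    for label, mounts in (("default", SAMPLE_MOUNTS_DEFAULT),
                          ("hardened", SAMPLE_MOUNTS_HARDENED)):
        print(label, "hidepid =", proc_hidepid(mounts),
              "| secret exposed:",
              secret_exposed(SAMPLE_CMDLINE, "SECRET-TOTP-SEED", mounts))
    print("this host: hidepid =", live_proc_hidepid())
```

With the default mount the constructed `printf` argv leaks the secret; with `hidepid=2` it does not. Mounting /proc with hidepid is defence in depth for a multi-user host; the more direct fix is to keep the secret off every command line, for example by having the QR tool read it from a file or from a pipe whose writer does not take the secret as an argument.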