[HN Gopher] Introduction to Security Good Practices
       ___________________________________________________________________
        
       Introduction to Security Good Practices
        
       Author : zdw
       Score  : 17 points
       Date   : 2021-05-09 19:39 UTC (3 hours ago)
        
 (HTM) web link (dataswamp.org)
 (TXT) w3m dump (dataswamp.org)
        
       | shoto_io wrote:
       | There is an entire ISO norm dealing with this btw. ISO 27k family
       | to be precise.
        
       | tasssko wrote:
       | Most of these tips are covered by ISO27001 and other similar
       | certifications and I consider it MVP security. You will need to
       | do more today to stay ahead, especially if you manage or protect
       | valuable assets. Some tips that come to mind are: manage ingress
       | traffic to your web property with a web application firewall.
       | Set up machine learning to automate blacklist detection and
       | dynamically update blacklists. Use the principle of least privilege
       | and role-based access to manage users. Protect root accounts with
       | webauthn; avoid using them. Set up conditional access control
       | policies to ensure certain roles have more stringent constraints.
       | Mind your dependencies; many future exploits will come from
       | dependencies. Partition your pipelines so environments are
       | isolated. Monitor egress traffic if possible. Use VPNs to connect
       | environments, but don't use VPNs if you don't know how to monitor
       | them (it's a complex abstraction and IPsec can be tricky). Once
       | all these technical considerations are in progress, consider the
       | developer onboarding process and application connectivity: try to
       | implement context segmentation to avoid creating root services and
       | make sure all activities are logged to a monitored aggregator.
       | Look for suspicious activity that can originate in the source.
       | The list goes on and on and on.
        
       | johnisgood wrote:
       | There is a typo below "User Management", "It" -> "If".
       | 
       | Yeah, I agree with most of it I think. I use a modified version
       | of "pass" instead of "keepassxc", and I do not have anyone I
       | really trust with pieces of my password. I think having a
       | sentence as your password is the best (very easy to remember,
       | difficult to crack), and you can append random characters to that
       | at the end or wherever. It makes it even better if the sentence
       | is not in English. :)
       | 
       | Thank you for reminding me of QR. There is a tool[1] written in
       | Python that outputs the QR code as ASCII art to the terminal, or
       | to a file as PNG. I will use it more in the future I think. You
       | can get a QR scanner from F-Droid for Android. Be careful of
       | executing "printf 'foo' | qr" though. Hide your processes with
       | "hidepid=2" or something.
       | 
       | [1] https://github.com/lincolnloop/python-qrcode/
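
The caveat above about putting a secret on a command line, as an added example (not code from the thread or from python-qrcode): it reads /proc/<pid>/cmdline to show that a constructed secret passed as an argument is visible to any local user, while the same secret fed on stdin from an owner-only temp file is not. The consumer is a stand-in (`cat`, then `sleep`) for a tool like `qr`; Linux /proc is assumed.

```shell
#!/bin/sh
# Added example, not from the thread: a secret passed as a command-line
# argument is readable by other local users via /proc/<pid>/cmdline; a secret
# delivered on stdin from a mode-0600 file never appears there. Needs Linux.

# Stand-in consumer (think `qr`): drains stdin, then idles so we can inspect
# it. The trailing `exit 0` keeps sh from exec'ing sleep and replacing argv.
CONSUMER='cat >/dev/null; sleep 5; exit 0'

# Succeeds if string $2 occurs in the command line of process $1.
cmdline_contains() {
    tr '\0' ' ' < "/proc/$1/cmdline" 2>/dev/null | grep -q -- "$2"
}

# Check background consumer $1 for secret $2, print leaked/hidden, then
# terminate and reap it.
inspect_and_cleanup() {
    sleep 1                                   # let the child finish exec'ing
    if cmdline_contains "$1" "$2"; then echo leaked; else echo hidden; fi
    kill "$1" 2>/dev/null || true
    wait "$1" 2>/dev/null || true
}

# Leaky form: the secret travels in argv, as with `qr 'secret'`.
leaky_demo() {
    sh -c "$CONSUMER" x "$1" </dev/null >/dev/null 2>&1 &
    inspect_and_cleanup $! "$1"
}

# Safer form: write the secret to a temp file (mktemp creates it 0600) and
# feed it on stdin, as with `qr < secretfile`; argv carries no secret.
safe_demo() {
    tmp=$(mktemp)
    printf '%s' "$1" > "$tmp"
    sh -c "$CONSUMER" < "$tmp" >/dev/null 2>&1 &
    inspect_and_cleanup $! "$1"
    rm -f "$tmp"
}

# Run the comparison with a constructed, non-sensitive value when DEMO=1.
if [ "${DEMO:-}" = 1 ]; then
    echo "argv delivery : $(leaky_demo 'constructed-secret-42')"
    echo "stdin delivery: $(safe_demo 'constructed-secret-42')"
fi
```

Mounting /proc with hidepid=2, as the comment suggests, hides other users' process entries altogether; the stdin route keeps the secret out of the entry even without that mount option.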
        
       | userbinator wrote:
       | I like how it avoids the tired cliche of calling them _best_
       | practices.
        
       ___________________________________________________________________
       (page generated 2021-05-09 23:01 UTC)