10 old-school security principles that (still) rule

Oldies but goodies, these security tips have stood the test of time.

rules procedures manuals

If you're always scrambling to keep your IT infrastructure updated, you might think that newer is always better when it comes to security: new patches, new and more secure hardware, new crypto techniques, etc.  But when it comes to fundamentals, some things are eternal. For instance, according to Jeff Williams, CTO and co-founder of Contrast Security, "The design principles from Saltzer and Schroeder's  1975 article 'The Protection of Information in Computer Systems' are still incredibly useful and often ignored."

These principles are worth a re-read, but are somewhat abstract (e.g., "least privilege," "economy of mechanism," and so on). But we spoke to a host of IT security pros with years of experience in the field to find out what they considered timeless and practical tips for securing your systems. Because even though there are always new vulnerabilities out there, at the base level there's very little new under the sun.

1. Lock it down (physically)

Before we had computers to protect, we had to guard our buildings and our physical objects — and that reality hasn't changed with the computer age. Mario DiMarcantonio, the owner of a Dallas IT consulting firm, recommends door locks, cable locks and cameras (with both local and cloud storage of recorded video).

Gary G. Smith, Business Development Manager at consulting firm Graycon IT, tells a story that illustrates the importance of this. "I had a client with a server that sat in the employee lunch area, and one day, all the workstations lost connection to their line of business application. One of the owners went to check on the server to see if there was an error message — and found a man trying to carry the server out the door, but hindered because the server connected to the shelf by a security lock. This could have been avoided with a better process, but securing their server slowed a would-be-thief enough so they could chase him away without his loot."

2. Patch your systems

To continue reading this article register now

How to choose a SIEM solution: 11 key features and considerations