I remember one time leaving my smartphone in a cab, right after an argument with the cab driver over the bill
(he had taken me on a much longer, more circuitous route than necessary). I immediately considered that phone long
gone. I was worried because I had just chatted with my wife, so the phone was open and exposed. I store my
passwords and other personal information on the phone, although slightly modified so that anyone reading it
directly wouldn't know the true passwords or numbers. I was more worried about the contact information for my wife,
daughters, and other loved ones. Luckily, I knew my screensaver would kick in momentarily. I never found the phone,
but I didn't get any weird calls or charges either.

Innovative security technique No. 9: Disabling Internet browsing on servers

Most computer risk is incurred by users' actions on the Internet. Organizations that disable Internet browsing or all
Internet access on servers that don't need the connections significantly reduce those servers' exposure to
malicious content. You don't want bored admins picking up their email and posting to social networking sites while
they're waiting for a patch to download. Instead, block what isn't needed. For companies using Windows servers,
consider disabling UAC (User Account Control) because the risk to the desktop that UAC minimizes isn't there. UAC
can cause some security issues, so disabling it while maintaining strong security is a boon for many
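
As an added example (not from the original article), one way to check that a server really follows "block what isn't needed" is to audit its outbound connection log against an allowlist. The log format, host names, and allowlist entries below are constructed assumptions.

```python
import ipaddress

# Assumed policy: the only outbound destinations this server needs.
ALLOWED_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # internal network (assumed)
ALLOWED_HOSTS = {"wsus.corp.example": {443, 8531}}    # patch server (hypothetical name)

# Constructed sample egress log: "timestamp server destination port process"
SAMPLE_LOG = """\
2024-05-01T10:00:01 srv-db01 wsus.corp.example 8531 svchost.exe
2024-05-01T10:02:17 srv-db01 10.20.30.40 1433 sqlservr.exe
2024-05-01T10:05:42 srv-db01 mail.example.net 443 chrome.exe
2024-05-01T10:06:03 srv-db01 203.0.113.25 80 iexplore.exe
malformed line
"""

def is_allowed(dst, port):
    """Return True if dst:port is covered by the egress allowlist."""
    try:
        addr = ipaddress.ip_address(dst)
    except ValueError:
        # Not an IP literal: treat as a hostname and require an exact host+port match.
        return port in ALLOWED_HOSTS.get(dst.lower(), set())
    return any(addr in net for net in ALLOWED_NETS)

def audit(log_text):
    """Return (violations, unparsed_lines) for an egress log."""
    violations, unparsed = [], []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            if line.strip():
                unparsed.append(line)  # surface parse failures, never drop them silently
            continue
        _ts, server, dst, port, proc = parts
        if not is_allowed(dst, int(port)):
            violations.append((server, dst, int(port), proc))
    return violations, unparsed

if __name__ == "__main__":
    bad, junk = audit(SAMPLE_LOG)
    for server, dst, port, proc in bad:
        print(f"NOT ALLOWED: {server} -> {dst}:{port} ({proc})")
    print(f"{len(junk)} unparsed line(s)")
```
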

Innovative security technique No. 10: Security-minded development

Any organization producing custom code should integrate security practices into
its development process -- ensuring that code security will be reviewed and built in from day one in any coding
project. Doing so absolutely will reduce the risk of exploitation in your environment.
This practice, sometimes known as SDL (Security Development Lifecycle), differs from educator to educator, but
often includes the following tenets: use of secure programming languages; avoidance of knowingly insecure
programming functions; code review; penetration testing; and a laundry list of other best practices aimed at
reducing the likelihood of producing code riddled with security bugs.
Microsoft, for one, has been able to significantly reduce the number of security bugs in every shipping product
since instituting SDL. It offers lessons learned, free tools, and guidance at its SDL website.