* Top Ten Tips To Make Attackers’ Lives Hell

Filtering, DMZs, VPNs, and more.

ONLamp.com has a nice article about network security policies. That article and Ernie’s VNC post prompted me to write this one. As I wrote in the ABA’s Law Practice Management magazine:

“A firewall is a combination of hardware, software, and security policies used to protect a private network. But most people refer to ‘firewall’ as either a piece of hardware or a piece of software.”

The same is true of security. “Security” is a set of policies, not a collection of hardware and software. Your security policy should require encryption where it is needed, but “encryption” doesn’t equal “security.”

I prefer encrypted connections when I’m passing from my network to another, so in these cases I use:

  • Encrypted WiFi (instead of unencrypted).
  • VNC over SSH (instead of unencrypted).
  • SCP or SFTP (instead of FTP).
  • SSH (instead of Telnet).
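The VNC-over-SSH item above is the one people most often get half right: they tunnel the client side but leave the VNC server itself listening on every interface, so the unencrypted port is still reachable. The script below is an added example, not code from the original post or from any of the tools mentioned. It assumes a VNC server already running on display :1 (TCP 5901) on a remote host, and uses `alice@vnc-host` as a placeholder login. It builds the `ssh -L` forward and includes a small check that reads `ss -tln` output and flags any VNC listener not bound to loopback.

```shell
#!/bin/sh
# Added example (not from the original post). Placeholders: alice@vnc-host.
#
# vnc_tunnel_cmd LOGIN [DISPLAY]
#   Print the ssh command that forwards local port 5900+DISPLAY to the
#   same port on the remote host's loopback interface.
#   -N  no remote shell, just the forward
#   -L  local port -> remote 127.0.0.1:port, carried inside the SSH session
vnc_tunnel_cmd() {
    display="${2:-1}"
    port=$((5900 + display))
    printf 'ssh -N -L %s:127.0.0.1:%s %s\n' "$port" "$port" "$1"
}

# check_vnc_listeners
#   Read "ss -tln"-style lines on stdin. For each listener on a VNC port
#   (5900-5999) that is bound to anything other than loopback, print an
#   EXPOSED line. Exit status 1 if any exposed listener was found, else 0.
#   Expected line shape (4th field is the local socket):
#     LISTEN 0 5 0.0.0.0:5900 0.0.0.0:*
check_vnc_listeners() {
    exposed=0
    while read -r state recvq sendq laddr peer rest; do
        case "$laddr" in
            *:59[0-9][0-9])
                addr="${laddr%:*}"          # strip ":port"
                case "$addr" in
                    127.*|'[::1]'|::1) ;;    # loopback only: what we want
                    *) echo "EXPOSED: $laddr"; exposed=1 ;;
                esac
                ;;
        esac
    done
    return $exposed
}

# Typical use (not run automatically by this file):
#   On the client:
#     $(vnc_tunnel_cmd alice@vnc-host) &   # open the tunnel in the background
#     vncviewer 127.0.0.1:5901             # the VNC client only ever talks to localhost
#   On the server, after starting VNC bound to loopback:
#     ss -tln | check_vnc_listeners        # should print nothing and return 0
```

The server-side half matters as much as the tunnel: start the VNC server so it binds only to 127.0.0.1 (TightVNC and TigerVNC accept a `-localhost` option for this) and then run the check; a line such as `EXPOSED: 0.0.0.0:5900` means the plaintext service is still reachable from the network regardless of how the client connects.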

But it doesn’t matter whether you use encryption if your other policies (such as password policies) are weak. See, for example, my post about WashingtonPost.com’s bad password policies.