re: How to think like a hacker - Scott Culp's 10 Immutable Laws of Security

Julien Couvreur — Wed, 05 Jan 2005 09:57:00 GMT

Actually, Law #1 doesn't have to be that way.

The reason why that law exists is the security model that is used in Unix and Windows: principals and access controls.
If each program only got the minimum authority that it needed, it could not do much damage. Also, if you manage to create protected components within a program and each component only gets the authority it needs, you can further improve the granularity level of security.

This cannot be done with ACLs, because it becomes un-manageable.
Another security model: capability-based security, merges the security aspect into the design. It is authority-driven design.

I can send you the draft of a paper I'm writing, that summarizes this approach.
More info at http://erights.org (E language).

How to secure the Administrator account access to your environment

Steve Lamb's Blog — Fri, 24 Jun 2005 20:15:20 GMT

The Administrator Accounts Security Planning Guide&nbsp;has recently been posted to TechNet and hence...

Risk, Risk, Risk..do I sound like Steve Lamb yet?… « Forward, positively..

Fri, 10 Oct 2008 12:06:13 GMT

PingBack from http://thebestbrew.wordpress.com/2008/10/10/risk-risk-riskdo-i-sound-like-steve-lamb-yet/