"Go to the PUB."
Although this is supposed to be a Linux blog, I often dip into questions of general computer security. I've been annoyed over the state of such matters, since zero-day exploits seem to be discovered daily or hourly. Cloud hypervisor weakness, DNS fakery, programmers forgetting to tell fields not to take nasty input (or the dev project not giving them time for testing in order to find and eliminate those instances - not to mention documentation)... wait a minute. What if I concentrate on the positive? What can we do that'll work?
P - use complex passwords and change them often.
U - perform updates and patching on all systems and applications, testing each update or patch on a nonproduction box where feasible.
B - do backups, at least of critical systems, file systems, configurations and settings.
My very basic list does not take the place of all other kinds of due diligence and due task completion. If a user or employee leaves, disable that account right now. Don't use any default passwords or configs on anything. Don't put info useful to the bad guys on the company website and don't let employees put same on their LinkedIn or Facebook pages. And so on. But use my mnemonic to keep the three biggies (according to me) always in mind:
Passwords. Updates. Backups.
End of file.