Innovative security technique No. 7: Network traffic flow analysis
With foreign hackers abounding, one of the best ways to discover massive data theft is through network traffic flow analysis. Free and commercial software is available to map your network flows and establish baselines for what should be going where. That way, if you see hundreds of gigabytes of data suddenly and unexpectedly heading offshore, you can investigate. Most of the APT attacks I've investigated would have been recognized months earlier if the victim had an idea of what data should have been going where and when.
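The baseline-and-investigate idea above can be sketched in a few lines. This is an added example, not code from the original article: the host names, the placeholder country code "ZZ", the thresholds and the flow totals are all constructed, and it assumes a flow collector already provides per-day byte counts tagged with a destination country.

```python
import statistics
from collections import defaultdict

# Constructed sample data: (day, internal host, destination country, bytes sent out).
# Assumed to come from a flow collector with GeoIP tagging; "ZZ" is a placeholder.
BASELINE = [
    ("d1", "fileserver01", "US", 2_000_000_000),
    ("d2", "fileserver01", "US", 2_400_000_000),
    ("d3", "fileserver01", "US", 1_800_000_000),
    ("d4", "fileserver01", "US", 2_200_000_000),
    ("d1", "db02", "US", 500_000_000),
    ("d2", "db02", "US", 600_000_000),
    ("d3", "db02", "US", 400_000_000),
    ("d4", "db02", "US", 500_000_000),
]
CURRENT = [
    ("d5", "fileserver01", "US", 2_300_000_000),    # within its normal range
    ("d5", "fileserver01", "ZZ", 300_000_000_000),  # destination never seen before
    ("d5", "db02", "US", 40_000_000_000),           # far above this host's history
    ("d5", "db02", "ZZ", 20_000_000),               # new, but below the size floor
]

def daily_totals(rows):
    """Sum outbound bytes per (host, country) pair and day."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, src, country, nbytes in rows:
        totals[(src, country)][day] += nbytes
    return totals

def find_anomalies(baseline, current, k=3.0, floor=1_000_000_000):
    """Flag daily outbound volumes that the baseline does not explain."""
    base = daily_totals(baseline)
    alerts = []
    for (src, country), days in daily_totals(current).items():
        history = list(base.get((src, country), {}).values())
        for day, nbytes in sorted(days.items()):
            if nbytes < floor:
                continue  # too small to be worth an analyst's time
            if not history:
                alerts.append((day, src, country, nbytes, "new destination"))
                continue
            mean = statistics.mean(history)
            # Guard against a near-zero deviation on very steady flows.
            spread = max(statistics.pstdev(history), 0.1 * mean)
            if nbytes > mean + k * spread:
                alerts.append((day, src, country, nbytes, "volume spike"))
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(BASELINE, CURRENT):
        print(alert)
```
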
Innovative security technique No. 8: Screensavers
Password-protected screensavers are a simple technique for minimizing security risk. If the computing device is idle for too long, a screensaver requiring a password kicks in. Long criticized by users who considered them nuisances to their legitimate work, they're now a staple on every computing device, from laptops to slates to mobile phones.
I remember one time leaving my smartphone in a cab, right after an argument with the cab driver over the bill (he had taken me on a much longer, more circuitous route than necessary). I immediately considered that phone long gone. I was worried because I had just chatted with my wife, so the phone was open and exposed. I store my passwords and other personal information on the phone, although slightly modified so that anyone reading it directly wouldn't know the true passwords or numbers. I was more worried about the contact information for my wife, daughters, and other loved ones. Luckily, I knew my screensaver would kick in momentarily. I never found the phone, but I didn't get any weird calls or charges either.
Innovative security technique No. 9: Disabling Internet browsing on servers
Most computer risk is incurred by users' actions on the Internet. Organizations that disable Internet browsing, or all Internet access, on servers that don't need the connections significantly reduce those servers' exposure to malicious content. You don't want bored admins picking up their email and posting to social networking sites while they're waiting for a patch to download. Instead, block what isn't needed. For companies using Windows servers, consider disabling UAC (User Account Control) because the risk to the desktop that UAC minimizes isn't there. UAC can cause some security issues, so disabling it while maintaining strong security is a boon for many organizations.
Innovative security technique No. 10: Security-minded development
Any organization producing custom code should integrate security practices into its development process -- ensuring that code security will be reviewed and built in from day one in any coding project. Doing so absolutely will reduce the risk of exploitation in your environment.
This practice, sometimes known as SDL (Security Development Lifecycle), differs from educator to educator, but often includes the following tenets: use of secure programming languages; avoidance of knowingly insecure programming functions; code review; penetration testing; and a laundry list of other best practices aimed at reducing the likelihood of producing code riddled with security bugs.
Microsoft, for one, has been able to significantly reduce the number of security bugs in every shipping product since instituting SDL. It offers lessons learned, free tools, and guidance at its SDL website.
This story, "10 crazy IT security tricks that actually work," was originally published at InfoWorld.com.






