Recently, security suddenly became a hot topic. The security training content I organized at my company a few months ago has been completely verified. The earlier blog posts about MD5 credential stuffing and social engineering library scanning became unknown. (Sin is not intentional, it is a coincidence.) Many people have asked about this topic, but Weibo cannot open it. I would like to sort out some of the ideas from the training and share them with you.
1. Security is a matter for technicians
Wrong! Too many well-known Internet companies have had serious security incidents due to the negligence of customer service and marketing personnel. Security awareness must extend to the whole staff. Every employee connected to the company's network and every employee with a company email account should have basic security awareness.
2. Security means defending to the death and blocking all intrusion channels
Wrong! Blocking intrusion channels is necessary, but it is not sufficient. You also have to consciously consider what happens once an intrusion succeeds. A leaked database is a typical example: in a truly secure system, passwords must remain safe even after the database has been dumped. Multi-layer defense is required.
3. Install patches and update to the latest version.
Wrong! I stopped believing this once I understood 0-days.
4. Use genuine software for security
This foolish idea gets no explanation.
5. If you have the best hackers, you will not be afraid of intrusion.
Wrong! An intrusion needs only a single point of breakthrough, while protection has to be comprehensive. Even when the best hackers do your O&M, there will still be flaws.
6. If you buy the most expensive firewall, you will not be afraid of intrusion.
Wrong! A firewall cannot block zero-day traffic. Of course, that is too absolute. It is more accurate to say that whether a firewall can block zero-day traffic depends on luck. In addition, many firewalls have themselves been exposed as vulnerable.
7. My website has no value and hackers will not target me.
Wrong! Hackers are not targeting you, but they will still take you down in passing. Hackers have tools that sweep the whole Internet. They are not aimed at you, but unfortunately you are on the Internet.
8. What kind of bored hacker keeps targeting me?!
Wrong! The hacker was not targeting you. He took you down in passing. Same principle.
9. I know security too well. I found that things like random salts and front-end encryption are not safe enough. These methods can all be broken and are not worth doing!
Wrong! Once again: the hacker is most likely just passing by. Unless they are targeting you specifically, they will give up once the computing cost is a little higher. You have to believe this: too many websites on the Internet do not do this well, and hackers will do the easy work first.
10. A security expert diagnosed us and said that our system is rock-solid and foolproof.
Please raise your middle finger to the expert.
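Points 2 and 9 both come down to what a leaked password table costs to check. The following is an added example, not code from the original post: it compares unsalted MD5 with a per-user random salt plus PBKDF2 on a constructed three-user table. The user names, wordlist, iteration count and function names are assumptions made for illustration.

```python
import hashlib, hmac, os

# Constructed sample data: not real accounts or passwords.
USERS = {"alice": "123456", "bob": "123456", "carol": "Vq7#tLm2-zebra-kettle"}
WORDLIST = ["password", "123456", "qwerty", "letmein"]

def md5_record(pw):
    """Weak scheme: unsalted MD5, identical passwords give identical hashes."""
    return hashlib.md5(pw.encode()).hexdigest()

def salted_record(pw, iterations, salt=None):
    """Stronger scheme: per-user random salt plus an iterated KDF (PBKDF2)."""
    salt = os.urandom(16) if salt is None else salt
    return salt, iterations, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)

def verify(pw, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    return hmac.compare_digest(salted_record(pw, iterations, salt)[2], digest)

def audit_md5(leaked, wordlist):
    """Return (accounts matched, hash operations spent) for an unsalted table."""
    table = {md5_record(w): w for w in wordlist}  # computed once, reused for every row
    return {u: table[h] for u, h in leaked.items() if h in table}, len(wordlist)

def audit_salted(leaked, wordlist):
    """Same audit against salted records: every guess is redone per user."""
    found, ops = {}, 0
    for user, record in leaked.items():
        for w in wordlist:
            ops += record[1]  # one guess costs `iterations` rounds
            if verify(w, record):
                found[user] = w
                break
    return found, ops

def compare(iterations=100_000):
    """Audit the same users stored both ways and return both results."""
    weak = {u: md5_record(p) for u, p in USERS.items()}
    strong = {u: salted_record(p, iterations) for u, p in USERS.items()}
    return audit_md5(weak, WORDLIST), audit_salted(strong, WORDLIST)

if __name__ == "__main__":
    (f1, ops1), (f2, ops2) = compare()
    print("unsalted MD5 :", sorted(f1), "cost", ops1)
    print("salted PBKDF2:", sorted(f2), "cost", ops2)
```

The weak passwords are matched under both schemes, but the cost grows from one pass over the wordlist to a pass per user multiplied by the iteration count. That rising cost is what point 9 relies on.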