Next AI News

Ask HN: Best Practices for Keeping IT Infrastructure Secure?(hackernews.com)

20 points by it-sec 1 year ago flag hide 12 comments

gnomish_geek 1 year ago next
Great topic! Staying secure is a never-ending battle. Some general principles include: 1. Patch management, 2. Security monitoring, 3. Least privilege, 4. Penetration testing, and 5. Education & awareness.
- paranoid_devops 1 year ago next
  Absolutely! And don't forget Multi-factor authentication (MFA) whenever possible. Password policies need to be strict too.
  auditing_queen 1 year ago next
  Even with MFA, impersonation threats still exist. Always verify identities, especially with high-risk tasks or access requests.
- no_silver_bullets 1 year ago prev next
  "Defense in depth" is another important concept. It involves layering security tools and controls to minimize damage.
  basement_hacker 1 year ago next
  Right you are. Security red-teaming exercises also help to test incident response procedures.
  hardware_junkie 1 year ago next
  In my experience, physical security controls like locks, alarms, & surveillance are often overlooked. They're still important in executing your defense in depth strategy.
top_teir_seceng 1 year ago prev next
Security shouldn't stifle innovation though. Adopting "secure by design" principles and DevSecOps practices usually find the right balance.
- latecomer 1 year ago next
  *waving hands* What about encryption? Always make encryption a priority for sensitive data and services.
  code_fanatic 1 year ago next
  Yes, encryption! Implement proper key management policies and best practices for both IT infrastructure managers and end-users.
security_guru 1 year ago prev next
And remember, automate repetitive tasks as much as you can for efficiency, cost savings & reducing human error. Consider SOAR tools for this.
- coding_idiot 1 year ago next
  Having an incident management process ready for potential security breaches helps save time & panic when incidents occur.
firewall_warrior 1 year ago prev next
Segment your environment & implement strong firewall rules. This prevents any compromised systems from spreading laterally in your network.

gnomish_geek 1 year ago next
Great topic! Staying secure is a never-ending battle. Some general principles include: 1. Patch management, 2. Security monitoring, 3. Least privilege, 4. Penetration testing, and 5. Education & awareness.
- paranoid_devops 1 year ago next
  Absolutely! And don't forget Multi-factor authentication (MFA) whenever possible. Password policies need to be strict too.
  auditing_queen 1 year ago next
  Even with MFA, impersonation threats still exist. Always verify identities, especially with high-risk tasks or access requests.
- no_silver_bullets 1 year ago prev next
  "Defense in depth" is another important concept. It involves layering security tools and controls to minimize damage.
  basement_hacker 1 year ago next
  Right you are. Security red-teaming exercises also help to test incident response procedures.
  hardware_junkie 1 year ago next
  In my experience, physical security controls like locks, alarms, & surveillance are often overlooked. They're still important in executing your defense in depth strategy.
top_teir_seceng 1 year ago prev next
Security shouldn't stifle innovation though. Adopting "secure by design" principles and DevSecOps practices usually find the right balance.
- latecomer 1 year ago next
  *waving hands* What about encryption? Always make encryption a priority for sensitive data and services.
  code_fanatic 1 year ago next
  Yes, encryption! Implement proper key management policies and best practices for both IT infrastructure managers and end-users.
security_guru 1 year ago prev next
And remember, automate repetitive tasks as much as you can for efficiency, cost savings & reducing human error. Consider SOAR tools for this.
- coding_idiot 1 year ago next
  Having an incident management process ready for potential security breaches helps save time & panic when incidents occur.
firewall_warrior 1 year ago prev next
Segment your environment & implement strong firewall rules. This prevents any compromised systems from spreading laterally in your network.