Law #1: Nobody believes anything bad can happen to them until it does
Law #2: Security only works if the secure way also happens to be the easy way
Law #3: If you don’t keep up with security fixes, your network won’t be yours for long
Law #4: It doesn’t do much good to install security fixes on a computer that was never secured to begin with
Law #5: Eternal vigilance is the price of security
Law #6: There really is someone out there trying to guess your passwords
Law #7: The most secure network is a well-administered one
Law #8: The difficulty of defending a network is directly proportional to its complexity
Law #9: Security isn’t about risk avoidance; it’s about risk management
Law #10: Technology is not a panacea
Microsoft has established several best practices for correcting potentially faulty configurations; the following is a concise list.
Secure all privileged accounts and groups by using proper configuration settings and techniques.
Avoid disabling security features on users’ computers.
Avoid granting excessive rights and permissions to accounts (particularly service accounts).
Avoid using identical local credentials across systems.
Do not permit the installation of unauthorized applications and utilities that create vulnerabilities.
Eliminate permanent membership in highly privileged groups.
Eliminate unnecessary applications and utilities on domain controllers.
Do not allow downloads of Internet content and freeware utilities on the domain controllers.
Limit membership in key security groups like Domain Admins.
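The items above about privileged-group membership, service accounts and permanent membership can be audited from a domain-joined administrative session. The following is an added example, not code from the original page; it assumes the RSAT ActiveDirectory module is installed and uses a constructed `$Approved` list as a placeholder for the accounts actually sanctioned for standing membership.

```powershell
# Added example (not from the original page): audit the highly privileged AD groups
# named in the best-practice list and report members that are not on an approved
# list, members that look like service accounts, and members that appear stale.
# Assumes the ActiveDirectory RSAT module and a domain-joined session.
Import-Module ActiveDirectory

$PrivilegedGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'
# Constructed placeholder: replace with the accounts approved for standing membership
$Approved = @('Administrator')

$Findings = foreach ($Group in $PrivilegedGroups) {
    # -Recursive expands nested groups so indirect membership is counted as well
    $Members = Get-ADGroupMember -Identity $Group -Recursive -ErrorAction Stop
    foreach ($m in $Members) {
        if ($m.objectClass -ne 'user') {
            # Computers or other object types in a privileged group deserve review
            [pscustomobject]@{ Group = $Group; Account = $m.SamAccountName; Issue = "non-user object ($($m.objectClass))" }
            continue
        }
        $u = Get-ADUser -Identity $m.distinguishedName -Properties PasswordNeverExpires, ServicePrincipalName, LastLogonDate
        if ($u.SamAccountName -notin $Approved) {
            [pscustomobject]@{ Group = $Group; Account = $u.SamAccountName; Issue = 'not on approved list' }
        }
        # An SPN or a non-expiring password is the usual signature of a service account
        if ($u.ServicePrincipalName.Count -gt 0 -or $u.PasswordNeverExpires) {
            [pscustomobject]@{ Group = $Group; Account = $u.SamAccountName; Issue = 'looks like a service account' }
        }
        # A privileged account with no recent logon suggests permanent rather than as-needed membership
        if ($u.LastLogonDate -and $u.LastLogonDate -lt (Get-Date).AddDays(-90)) {
            [pscustomobject]@{ Group = $Group; Account = $u.SamAccountName; Issue = 'no logon in 90 days' }
        }
    }
}

$Findings | Sort-Object Group, Account | Format-Table -AutoSize
```

Running this on a schedule and diffing the output against the previous run turns the "limit membership" rule into a detection: any new row is a change to privileged membership that should have a ticket behind it.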