10 principles to secure our devices

Recently I read “Click Here to Kill Everybody” by Bruce Schneier. I really recommend this book to anyone. It is not targeted to a technical audience, although you might enjoy it a tiny bit extra if you are familiar with cyber security.

In this post I want to highlight one of my favorite parts, where Schneier lists ten principles to secure our devices.

In chapter 6 What a Secure Internet+ looks like, Schneier lists ten principles vendors of Internet enabled products should follow for a safer world. I am transcribing these quoting them from my audiobook, so they may be inexact, but the spirit is intact.

  1. Be transparent. Vendors should clearly state how their security works, which threads they secure against and which they don’t. […]
  2. Make the software patchable. […] vendors also need to patch quickly, once vulnerabilities are discovered. […]
  3. Test preproduction. All software should be tested for security before it is released.
  4. Enable secure defaults operation. Devices should be secure out of the box, without requiring users to configure them.
  5. Fail predictively and safely. If a device loses its Internet connection it should fail gracefully, in a way that it does not cause any harm.
  6. Use standard protocols and implementations. Standard protocols are generally more secure and better tested, and custom protocols are the opposite. […]
  7. Avoid known vulnerabilities. Vendors should not ship products that contain known vulnerabilities.
  8. Preserve offline functionality. Users should be able to turn off all incoming and outgoing network connections while still being able to use the device. […]
  9. Encrypt and authenticate data. Data should be encrypted on the devices and communications to and from them should both encrypted and authenticated.
  10. Support responsible security research. Vendors should allow research on their products and welcome vulnerability reports, not harass researchers.

I like them all, but if I was pressed to choose one I think I would go with Enable secure defaults operation. For me, this is the principle that would have the biggest impact in my circle making my loved ones safer.

Do you have a favorite?

I hope to post a list, from the same chapter, for security principles for our data, not our devices.

Photo by Markus Winkler on Unsplash

👋 Subscribe!

If you like this content, you might consider subscribing to this site's RSS feed. This is the best way to stay up to date with new content on the site. If you don't know how to subscribe, you can check this tutorial.

Comments