Best Practices
This is a list of the most commonly violated best practices and where they come from. Please note that although you CAN violate these and still be OK, you need to think long and hard about the implications for you, your client, and the security of your network/product. Always remember: just because nobody has discovered your flaw (that you know of) does not mean it's not there!
- MS Least-Privilege Administrative Model, NSA Least-Privilege Administrative Model
  - General Idea: A user who is not doing X should not have permission to do X.
  - Normal Violation: All users who run program X need full/local administrator privileges.
  - Normal Rationalization: We want users to be able to update our program whenever we release a new version.
  - Fix: Use other folders for commonly updated data. Require admin privileges for major updates. Allow systems administrators to do their job of approving and deploying software in a controlled manner to maintain stability across the company.
- MS UAC Best Practices
  - General Idea: UAC was introduced in Windows 7 to increase security on Windows desktops; do not turn it off.
  - Normal Violation: Program X does not work with UAC turned on.
  - Normal Rationalization: Program X has not been updated in any significant way since Windows 98 and writes data to Program Files.
  - Fix: Update your program to not require administrative access. Use other folders for commonly updated data. Require admin privileges for major updates.
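
Both fixes above depend on keeping frequently updated data out of Program Files. The following is an added example, not code from this page: it picks a data folder from the standard Windows environment variables and refuses any path that resolves into an admin-only location. The function names, `ExampleVendor`, and the sample environment are assumptions made for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Environment variables Windows sets for locations that need admin rights to modify.
PROTECTED_VARS = ("ProgramFiles", "ProgramFiles(x86)", "ProgramW6432", "SystemRoot")

def _norm(path):
    # Collapse "..", unify slashes and lower-case, since Windows paths are case-insensitive.
    return ntpath.normcase(ntpath.normpath(path))

def is_under(path, root):
    """True if path is root itself or lies below it (whole path components only)."""
    path, root = _norm(path), _norm(root).rstrip("\\")
    return path == root or path.startswith(root + "\\")

def is_protected(path, env):
    """True if path falls inside any admin-only location named in env."""
    return any(is_under(path, env[v]) for v in PROTECTED_VARS if env.get(v))

def data_dir(env, vendor, app, per_user=True):
    """Return the folder for frequently updated data: per-user or machine-wide."""
    base_var = "LOCALAPPDATA" if per_user else "ProgramData"
    base = env.get(base_var)
    if not base:
        raise RuntimeError(f"{base_var} is not set")
    target = ntpath.join(base, vendor, app)
    if is_protected(target, env):
        raise RuntimeError(f"{target} is in a protected location")
    return target

# Constructed sample environment (typical default values, not taken from the page).
SAMPLE_ENV = {
    "ProgramFiles": r"C:\Program Files",
    "ProgramFiles(x86)": r"C:\Program Files (x86)",
    "SystemRoot": r"C:\Windows",
    "ProgramData": r"C:\ProgramData",
    "LOCALAPPDATA": r"C:\Users\alice\AppData\Local",
}

if __name__ == "__main__":
    print(data_dir(SAMPLE_ENV, "ExampleVendor", "ProgramX"))
    print(is_protected(r"C:\Program Files\ProgramX\settings.ini", SAMPLE_ENV))
```

In a real program, pass `os.environ` as `env`; the component-wise comparison keeps a folder such as `C:\Program Files Backup` from being mistaken for Program Files.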