Serial podcast creator and .NET Core maniac.
Can often be found talking about everything and nothing on one of the many podcasts that he produces (only one of them is about .NET Core, honest)
Location
Leeds, UK
Education
Computer Science with Games Development - BSc
Work
.NET Development Contractor; Podcast host, producer and editor
So is the rule of thumb to "black list" everyone and open up access one by one?
Effectively yes. Think of your employer. Does everyone in the world have access to your company building? I'd suspect that only those who need to be there do have access to it.
What about the server rooms? Assuming that you have on prem servers, of course. Is everyone at your work given admin access to the resources on your network? (please don't answer that one, just think about it).
You don't want to give everyone access to everything.
no one has used SSL since the 90s, but the acronym has stuck
😲 I honestly didn't know!
Yeah. The Secure Sockets Layer algorithm had too many potential flaws and was replaced with Transport Layer Security. From an end user perspective it's the same thing, though.
Thank you again for the follow-up security post, Jamie.
I am trying to understand by rephrasing.
In Single Responsibility Principle, so is the rule of thumb to "black list" everyone and open up access one by one?
Did I understand it correctly?
😲 I honestly didn't know!
Thanks Jamie. Analogies did help solidify the concept 😀
You're welcome