There’s an excerpt from a yet-to-be released book by Jesper Johansson and Steve Riley available to read online. The article, entitled “Security Myths,” takes a look at some of the security shortcomings typical of security guides and reliance upon following a predefined set of steps without looking at the whole picture. It’s a great lesson in how to look at things, rather than how to blindly follow prescriptive advice.

Warning
This section is somewhat (OK, very) cynical. Take it with a grain of salt and laugh at some of the examples we give. Do not lose sight, however, of the message we are trying to get across: These are myths. If you are careful to avoid falling into the trap of believing them, you will be able to focus your efforts on the things that make a real difference instead of being lured like so many others into staring at a single tree and failing to see the security forest.

So what are the myths? Well, for the details go read the article, but at a high level…

Myth 1: Security Guides Make Your System Secure
Myth 2: If We Hide It the Bad Guys Won’t Find It
Myth 3: The More Tweaks the Better
Myth 4: Tweaks Are Necessary