I was re-reading one of Marcus Ranum's posts to the firewall wizards mailing list. (Tue, 20 Jul 2004 23:49:40 -0400). It was terrific. Jump to it and read it.
Plain and simple things that -- if people actually do them -- will reduce risk.
I had a similar list in an Advanced Firewalls class I taught for N+I and a "Tools and Techniques" class for CSI. I got bad reviews in the Advanced Firewalls class. Maybe I am a crummy teacher, but of course I don't believe that. I think the students really want some really neat-o, cool devices to run, hand-held thingies to try, and something that was wireless as well. But few of those things help as much as sticking to the basics. And they don't like to hear it.
I just saw an article via Security Wire perspective. If this ugly URL isn't broken, you'll again find a whole bunch of brilliant stuff that a very few of us keep pounding on. See this ugly URL. So, I wondered how do we ever get people to listen when they really, really do want magic or priest-craft?
Marcus pointed out that "'my words, like silent raindrops fell...' - nobody wants to hear it."
A few days later, I was looking for something to help an IT manager start looking at security policies. I found a number of old articles on my site, for example: