I get the Microsoft TechNet magazine, and the latest issue had a good article on Deconstructing Common Security Myths:
In our book Protect Your Windows Network, we wrote about “security myths”—things that many people believe are true about security, but which really are not…
Our version of these myths is, of course, just our opinion. People are welcome to disagree with us, and sometimes do. Naturally, we will proceed to explain why we are right and they are wrong, but all in all this type of dialectic is crucial to advancing the state of the art in security. Unless we question the commonly held wisdom, we are not only doomed to repeat past mistakes, but also to keep building on them. We would then fail to do all we can to protect our networks and the information that resides on them.
Therefore, because we think it is fun and we never seem to run out of myths (or opinions, as some refer to them), we decided to revisit the topic with a new batch.
Several of these are specific to enterprise/business customers, but there are still good suggestions for password strength, firewalls, and more. Check it out on the TechNet site…