iSEC recommendations following the Aurora attack on Google

I finally found some time to read the iSEC Partners recommendations about the attacks on Google and other companies, originated in China, in January this year.

This post is just to underline the very good reading it is for people in IT. I like it because:

• It does not look for a silver bullet but lists several points that need be addressed.
• It points out, as so many posts on this blog, that you first need to human understand and monitor what you do, before implementing costly solutions.
• It also points out that you need to work on the security of the endpoints (users' machines), especially on updating regularly client software.

Well, just go and read it, it's six page long.