Human trust is flawed. Assume the attacker is already inside the system.
-
Never trust, always verify. Every connection attempt should be authenticated and authorized
-
Implement Least Privilege. Give them the least amount of access for them to do their job
-
Assume breach. Micro segmentation which only allows traffic from specific sources