Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Archive for December, 2010


The Value of a Dashboard

I have been intrigued by the number of different paradigms used to make up an enterprise solution management console dashboard. Some are more tabular in nature like a SIM and others graphical with little text and fully animated with icons and avatars. When I first started working with enterprise solutions in the mid 1990’s, I…

Post by Morey Haber December 16, 2010

WikiLeaks and WikiWar and More Misuses of Privilege

So I can’t resist one more post on this WikiLeak phenomenon that still seems to be blazing through the blogosphere and mainstream media. I’ve seen it described as everything from a Wiki-War to Wiki-Gaga, and yet most writers are still forgoing that if you give someone permission to do something, they will inevitably do it. In this case, I am referring to the information technology (IT) privileges granted to individuals and associated technologies to monitor and control what these people are doing. Or the lack thereof.

Post by Peter McCalister December 16, 2010

Reducing Help Desk Costs Is a Least Privilege Benefit

The problem exists between the keyboard and the chair (PEBKAC). This is the recurring mantra of most help desk technicians and a leading cause of budget dollars bleeding out of most organizations. Why, you may ask? The answer is simple:

Post by Peter McCalister December 15, 2010

Microsoft Patch Tuesday – December 2010

To make up for a relaxing November, Microsoft unleashed 17 security bulletins today. That puts their 2010 total at 106 bulletins (unless they release an emergency out of band patch before the end of the year). This is a record for Microsoft – their previous high was 100 bulletins way back in 2000. It is…

Post by Chris Silva December 15, 2010

Sudo May Be For Sandwiches But Not Your Enterprise

Sudo has been one of the Unix/Linux administrator and self-designated geek’s best friend for the last two decades, but it probably isn’t right for your enterprise. For one thing, it’s open source software, which means no one company can be held accountable for bug fixes, enhancements or any liability resulting from flaws in design. Being a software guy, I naturally lean towards licensed code and have even written on the subject of licensed code versus freeware. So it begs the question, “What can I use sudo for safely?” I just love the t-shirts because they told me what sudo is actually good for… ordering sandwiches!

Post by Peter McCalister December 14, 2010

Privileged Accounts are Pervasive and Problematic

If someone is walking around your organization with a t-shirt that says “Bow before me, for I am root,” then you will have a big problem on your hands when the auditors come around or if a hacker decides to target your company for theft or cyber sabotage.

Post by Peter McCalister December 13, 2010

My Holiday Basket of Favorite Utilities

Regardless of your career as a security researcher, penetration tester, technical writer or sales person, you probably have a few utilities on your computer that are a “must have” for daily operations. Some of them are probably unique to your position like a port scanner and others more generic like a file compression utility. Everyone…

Post by Morey Haber December 13, 2010

Top 10 Reasons To Implement Least Privilege for Virtualized Servers

In the spirit of keeping blog posts informative, short and fun, this one takes a cue from David Letterman in format. So without further fanfare or wasted space… the Top 10 Reasons to Implement Least Privilege for Virtualized Servers are:

Post by Peter McCalister December 10, 2010

CNN Interview: Inside the Mind of a Computer Hacker

CTO Marc Maiffret discusses the recent DDoS attacks related to the recent Wikileaks:  

Post by Marc Maiffret December 10, 2010

More Than Just Patch Management for Remediation

I have been combing through some vulnerability reports and the vast majority of remediation strategies revolve around applying a patch. Simple in concept; install this patch, and the vulnerability is mitigated. The difficulty arises when you have vast quantities of the patch to deploy, are unsure whether the security update breaks any other function or…

Post by Morey Haber December 9, 2010