BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Archive for March, 2011


Top VM Reports for Government

In continuing the series on top reports for vertical markets, this blog will focus on reports that help government entities at the state, local, and federal levels. Like any vertical, having reports that are dedicated to the mandates and requirements that matter to the organization is critical. It is not only about which vulnerabilities are…

Post by Morey Haber March 21, 2011

Why Do You SUDO The Way You Do?

In the land of Unix and Linux systems administration, nothing seems to elicit such polar love and hate as does the use of SUDO for root rights elevation.

Post by Peter McCalister March 21, 2011

VistaPrint Uses PowerBroker Desktops to Improve Security

VistaPrint is an online supplier of high-quality graphic design services and customized print products. They have over seven million customers and operate 17 localized websites in over 120 countries. The company is known for their standardized design and printing process, as well as the significantly reduced costs for their customers. VistaPrint has Windows Active Directory installed, operates a customer service center, and has 400 end-users running Windows XP.

Post by Peter McCalister March 18, 2011

Back to Least Privilege Basics

Least Privilege is something we’ve talked about before, and odds are good we’ll talk about it again. The reason it keeps coming up is because it’s important! It’s the key to securing Windows desktops, and it’s fundamental in the protection of root access.

Post by Peter McCalister March 17, 2011

The Privilege To Roaming Access Comes With Responsibilities

We’re big fans of Apple’s iPad. How can you not like them? Svelte, sleek and slick in execution.

Post by Peter McCalister March 16, 2011

Automating Configuration Auditing

I want to discuss a rather simple use case with my readers that until recently, had a rather complex solution. Consider you are a major airline, corporation, or even a local government with thousands of systems that should be identical from a configuration perspective. These could be airline check-in kiosks, a call center handling support calls,…

Post by Morey Haber March 15, 2011

4 Bad Habits to Kick for IT Security

Isn’t it amazing how easy it is to adopt bad habits? The crazy thing is that no one is immune; they plague each and every one of us. Whether we were taught incorrect practices or are just looking for shortcuts to make our lives/jobs/situations easier, each of us yields to poor patterns at some point in our lives.

Post by Peter McCalister March 15, 2011

Do You Sudo? SHOULD You Sudo?

Chances are, if your organization utilizes Unix and Linux servers, your IT staff uses sudo. After all, sudo ships free with virtually all versions and flavors of Linux and Unix and has long been a favorite tool for administrators to define what commands OS users can execute as root, without actually disclosing the root password.

Post by Peter McCalister March 14, 2011

The Yin and Yang of Security and Productivity

If, as I discussed in one of my last posts, we can’t rely on compliance standards for anything more than setting the minimum bar for establishing our security measures, we are back to having to do the difficult trade off analysis on the real impact of security on productivity versus the benefits. And while there is no simple answer on how to do that analysis, there may be a different way to frame the problem.

Post by Peter McCalister March 11, 2011

Talking Ninja Monkey Hacks Android

No, we are not talking about a new John Carpenter movie or tabloid headline, although this is the headline I would love to see. The real headline is that hackers found a way to hijack root for Google Android and injected malware into 21 applications.

Post by Peter McCalister March 10, 2011