BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Benchmarks as a Point of Reference

Posted November 3, 2010    Morey Haber

I have been reading Stephen Hawking’s new book, “The Grand Design” and am completely stunned by the analogies he uses to simplify perception, measurements, and even quantum physics. This book is not light reading and has had me looking up terms using old college textbooks and Google multiple times. The one thing that fascinates me about all of the concepts he presents is perception. We use perception every day for driving our cars to work, cooking dinner, and even comprehending the computer systems in our environment. As we comprehend how network traffic flows, we always need a frame of reference for measuring speed, quantity of data, and desired results. The analogy Dr. Hawking uses in his book relies on the concept of living in a fish bowl and looking out at the universe. From inside the fishbowl, straight lines would be curved and the shortest distance between any two points is not a straight line, but rather a curve as well. The perception then leads to measurements and ultimately theories and standards. When a set of observations and comparisons leads to standards, laws, and theories we form baselines and benchmarks to guide us through the process and have a frame of reference.

Simply, benchmarks are a set of standards that you can reference observations from and determine deviations. Benchmarks allow us to say that something deviates by some order of units. In the case of computer security, benchmarks allow us to judge how secure a system is based on best practice theory for preventing unwanted threats from compromising a host. They outline all the proper settings and run time parameters for securing a host, provide guidance on how to implement them, and finally a vehicle for testing hosts against these parameters (OVAL). IT Security benchmarks are available from a wide variety of sources such as CIS, NIST, Microsoft, and DISA. All of these can be implemented by SCAP compliant scanning solutions to benchmark how well the IT infrastructure is secured within your organization. This provides a straight line form of reference for gauging how secure you are from the latest security threats using tools created by the most brilliant minds in the industry.

IT Security benchmarks have been around for a long time. Only recently however, have the processes for implementing them and measuring them matured using automated scanning techniques in an open and standardized (non-proprietary) format. Retina CS 2.0 contains a new module called Configuration Compliance Module that allows users to load their own SCAP benchmarks for measuring the security standards within their environment. Benchmarks provide a uniform method for reporting and measuring that is well understood and uniform across businesses. It removes any assumptions or bias based on interpretation or testing criteria. The scan engine and benchmark complier are integrated into the complete multi-tier Retina management solution for a seamless perception for all the assets on the network.

Determining the state of security threats and even understanding the universe requires both standards and benchmarks. Dr. Hawking’s book simplifies this for readers. eEye has simplified both IT Security and benchmarks so that everyone can benefit from IT Security lessons learned and best practices.

Tags:
, , , , , , , ,

Leave a Reply

Additional articles

6

A Quick Look at MS14-068

Posted November 20, 2014    BeyondTrust Research Team

Microsoft recently released an out of band patch for Kerberos.  Taking a look at the Microsoft security bulletin, it seems like there is some kind of issue with Kerberos signatures related to tickets. Further information is available in the Microsoft SRD Blogpost So it looks like there is an issue with PAC signatures.  But what…

Tags:
, , , ,
Password Game Show

Managing Shared Accounts for Privileged Users: 5 Best Practices for Achieving Control and Accountability

Posted November 20, 2014    Scott Lang

How do organizations ensure accountability of shared privileged accounts to meet compliance and security requirements without impacting administrator productivity? Consider these five best practices…

Tags:
, , , , , ,
Triggering MS14-066

Triggering MS14-066

Posted November 17, 2014    BeyondTrust Research Team

Microsoft addressed CVE-2014-6321 this Patch Tuesday, which has been hyped as the next Heartbleed.  This vulnerability (actually at least 2 vulnerabilities) promises remote code execution in applications that use the SChannel Security Service Provider, such as Microsoft Internet Information Services (IIS). The details have been scarce.  Lets fix that. Looking at the bindiff of schannel.dll, we see a…

Tags:
, , , , ,