BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

Security Research

wargames

War Games III: Identity Thief Irene Controls Your Missiles

Posted September 28, 2011    Peter McCalister

In 1983 Hollywood unleashed a movie called War Games that showed what a determined hacker could do if they (even accidentally) attained privileges to a military computer. The movie got good reviews and even raised an eyebrow or two on the possibilities of misuse of privilege on specific information technology, but eventually, like most tinsel town products, was retreaded into a sequel 2008 called War Games: The Dead Code which failed miserably.

Win 7

Another Reminder Why It’s Important to Eliminate Admin Rights

Posted September 27, 2011    Peter McCalister

According to a recent CNET News article, the hacker known as Comodohacker is now threatening to exploit Microsoft’s Windows Update service. This comes on the heels of Microsoft’s misstep of inadvertently offering an early look at the latest Patch Tuesday updates for 15 vulnerabilities in Windows, Office and Server products.

linux logo

Extending Password Policy To UNIX and Linux

Posted September 21, 2011    Peter McCalister

Our friends and colleagues at the Linux Foundation have been hit by a “brute force attack” and many of their sites have been taken down until the security breach is fully controlled.

villain trio

A Risk Worth Taking?

Posted September 20, 2011    Peter McCalister

It’s bad enough when an accidental insider threat compromises an organization’s security, but there’s something worse when it’s the result of a malicious past, or current employee, and according to the results of a recent survey, that’s something all employers should be worried about.

Carl-resized-600

In Denial Over Insider Threats?

Posted September 19, 2011    Peter McCalister

Ever felt like if you could just ignore something, it would go away, disappear, self-correct? Guess what? The good news is you’re not alone. The bad news is that the company you’re keeping happens to be the majority of IT security professionals responsible for protecting corporate information assets.

dave2

Insider Threats Exist in Virtualized Environments Too!

Posted September 13, 2011    Peter McCalister

Disgruntled Dave is at it again! What happens when a disgruntled IT administrator deletes the contents of 15 virtual hosts (roughly equivalent to 88 different computer servers)? According to a recent eWeek article highlighting the incident – quite a bit! For the Japanese pharmaceutical company, the attack was so damaging that it froze operations for “a number of days, leaving employees unable to ship products, to cut checks or even communicate via email,” according to court documents. Estimated damages cost the company $800,000. For the disgruntled employee, he’s looking at the possibility of serving 10 years in prison when he is sentenced in November.

DeLorean-on-ebay

Why Back to the Future Doesn’t Help Corporate Security

Posted August 29, 2011    Peter McCalister

I was recently at a convention where the DeLorian (the real one from Back to the Future!) was on display. With the doors up and open, the lights flashing, and the radio blaring, it took me right back to the movie and how awesome it would be if we could do what Marty McFly did. Although inadvertently, he went back in time and was able to influence actions and decisions that significantly improved his future. It would be awesome to go back, alter some pivotal decisions in my life, nip some bad habits in the bud, and make my future that much better. But personal life aside, think of how impactful it would be if companies were allowed to do the same.

rockybalboa

Enterprise Security Lessons from Rocky Balboa

Posted August 22, 2011    Peter McCalister

It’s amazing the effect songs have on us. Take, for example, Eye of the Tiger. If you’re like me, this brings you right back to Rocky, the Italian Stallion that won the hearts of America as he trained and fought his way to victory. That song elicits images of strategy and dedication, the two key traits to Rocky’s success. Why, you ask, do I bring this up here, on an Information Technology blog? Because the same elements that drove Rocky to success in the movie can ensure a data security victory in your IT environment.

patch-tuesday

Microsoft Patch Tuesday – August 2011

Posted August 9, 2011    Chris Silva

True to form for the even months of 2011, Microsoft released thirteen security bulletins today. Of the most interest are MS11-057 (Internet Explorer) and MS11-058 (DNS Server). While it has become fairly commonplace for Microsoft to release an Internet Explorer patch every other month, this release also patches IE9 – the second time a critical…

governance

If You Can’t Change It, You Can’t Govern It

Posted July 27, 2011    Peter McCalister

Corporate governance ensures accountability across the extended enterprise. It facilitates staying competitive and satisfying ever-changing government regulations while providing mechanisms and controls to reduce the inefficiencies that arise when individuals misuse privileges granted to them.