BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Important Tips for Endpoint Protection

Posted June 18, 2010    Morey Haber

The guys at “Will it Blend” have done it again.  This time, they have proven through shear brute force that they can blend an iPad. This brute force and physical method for destroying the device is great marketing for their blender and if nothing else, rather entertaining.

So, without being so physical, can we destroy an iPad or other device? A quick search around the internet located various software updatesthat will near permanently destroy your device; although not physically it may make them just as useless. It is unrealistic for any administrator to test the durability of every new device and whether every update, patch, or signature update will be compatible with the environment or not and trash the device. Sometimes, just coming up with a stable baseline with various middleware, databases, and web services is tough enough. So what is an administrator to do in order to preserve business viability as various updates come out? Security best practices dictate strict change control, update testing, and documentation for any and every change. Unfortunately, many businesses just do not operate with such rigid, but essential controls.

What if you could introduce a tool to monitor your configuration, provide protection when patches are not deployed, and harden the software (sorry but protecting against a Blendtec blender is just not viable yet) to keep the device from turning into an electronic paperweight? Endpoint Protection Platformscan do just that. They combine legacy features like antivirus and anti-spyware with modern protection capabilities like application control, removable storage protection, buffer overflow protection, and intrusion prevention. They maintain a stable configuration and will thwart an attack even when no patch is present giving time for the system administrator to test a patch(es) before remediation. 

If you currently patch blindly (without first testing the updates a vendor sends out in a lab before production) please consider the following tips to keep updates from damaging your environment:

1) For Windows hosts, try a backup or at least a System Restore Point before installing any updates. This will allow you to roll back the registry and changes in case of undesirable results.

2) If possible, use a tool that can harden a host from undesirable changes that may occur from an authorized change. Many times updates fail and break solutions because malware or an unauthorized change has occurred that disrupted the accepted configuration.

3) Before any major patch release, such as a Service Pack, find a way to test the update. If you do not have a lab, virtualize the server using tools like VMWare P2V so that at least a dry run of the installation can be performed.

4) Try to adhere to a patching schedule. Make it a point to only apply patches on a predefined time and date verses “panic patching”. This will allow you to gauge whether an update really caused an issue verses tracking down a problem for an unknown reason.

5) Finally, do a little homework on the patch or let someone do the work for you. Webinars like the VEF (Vulnerability Expert Forum) are a great way to learn about new patches and what they will actually do to your system once applied.

Protecting your devices from incompatible updates is just as important as protecting them from malware and vulnerabilities. Not much will ever stop the Blendtec Blender but reasonable precautions and adopting basic best practices will help protect the system from patches that may have software and hardware incompatibilities and affect the basic operations and business functions the system is designed to perform.

Leave a Reply

Additional articles

PowerBroker for Unix & Linux helps prevent Shellshock

Posted September 25, 2014    Paul Harper

Like many other people who tinker with UNIX and Linux on a regular basis, BASH has always been my shell of choice.  Dating back to the early days moving from Windows to a non-Windows platform, mapping the keys correctly to allow easy navigation and control helped ensure an explosion of use for the shell. Unfortunately,…

Bash “Shellshock” Vulnerability – Retina Updates

Posted September 24, 2014    BeyondTrust Research Team

A major vulnerability was recently discovered within bash which allows arbitrary command execution via specially crafted environment variables. This is possible due to the fact that bash supports the assignment of shell functions to shell variables. When bash parses environment shell functions, it continues parsing even after the closing brace of the function definition. If…

pbps-blog3

7 Reasons Customers Switch to Password Safe for Privileged Password Management

Posted September 24, 2014    Chris Burd

It’s clear that privileged password management tools are essential for keeping mission-critical data, servers and assets safe and secure. However, as I discussed in my previous post, there are several pitfalls to look out for when deploying a privileged password management solution. At this point, you may be wondering how BeyondTrust stacks up. With that,…

Tags:
, , , , ,