BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Important Tips for Endpoint Protection

Posted June 18, 2010    Morey Haber

The guys at “Will it Blend” have done it again.  This time, they have proven through shear brute force that they can blend an iPad. This brute force and physical method for destroying the device is great marketing for their blender and if nothing else, rather entertaining.

So, without being so physical, can we destroy an iPad or other device? A quick search around the internet located various software updatesthat will near permanently destroy your device; although not physically it may make them just as useless. It is unrealistic for any administrator to test the durability of every new device and whether every update, patch, or signature update will be compatible with the environment or not and trash the device. Sometimes, just coming up with a stable baseline with various middleware, databases, and web services is tough enough. So what is an administrator to do in order to preserve business viability as various updates come out? Security best practices dictate strict change control, update testing, and documentation for any and every change. Unfortunately, many businesses just do not operate with such rigid, but essential controls.

What if you could introduce a tool to monitor your configuration, provide protection when patches are not deployed, and harden the software (sorry but protecting against a Blendtec blender is just not viable yet) to keep the device from turning into an electronic paperweight? Endpoint Protection Platformscan do just that. They combine legacy features like antivirus and anti-spyware with modern protection capabilities like application control, removable storage protection, buffer overflow protection, and intrusion prevention. They maintain a stable configuration and will thwart an attack even when no patch is present giving time for the system administrator to test a patch(es) before remediation. 

If you currently patch blindly (without first testing the updates a vendor sends out in a lab before production) please consider the following tips to keep updates from damaging your environment:

1) For Windows hosts, try a backup or at least a System Restore Point before installing any updates. This will allow you to roll back the registry and changes in case of undesirable results.

2) If possible, use a tool that can harden a host from undesirable changes that may occur from an authorized change. Many times updates fail and break solutions because malware or an unauthorized change has occurred that disrupted the accepted configuration.

3) Before any major patch release, such as a Service Pack, find a way to test the update. If you do not have a lab, virtualize the server using tools like VMWare P2V so that at least a dry run of the installation can be performed.

4) Try to adhere to a patching schedule. Make it a point to only apply patches on a predefined time and date verses “panic patching”. This will allow you to gauge whether an update really caused an issue verses tracking down a problem for an unknown reason.

5) Finally, do a little homework on the patch or let someone do the work for you. Webinars like the VEF (Vulnerability Expert Forum) are a great way to learn about new patches and what they will actually do to your system once applied.

Protecting your devices from incompatible updates is just as important as protecting them from malware and vulnerabilities. Not much will ever stop the Blendtec Blender but reasonable precautions and adopting basic best practices will help protect the system from patches that may have software and hardware incompatibilities and affect the basic operations and business functions the system is designed to perform.

Leave a Reply

Additional articles

How To Implement The Australian Signals Directorate’s Top 4 Strategies

Posted October 20, 2014    Morey Haber

The Australian Signals Directorate (ASD), also known as the Defence Signals Directorate, has developed a list of strategies to mitigate targeted cyber intrusions. The recommended strategies were developed through ASD’s extensive experience in operational cyber security, including responding to serious security intrusions and performing vulnerability assessments and penetration testing for Australian government agencies. These recommendations…

Tags:
, , , ,
asp-mvc

Exploiting MS14-059 because sometimes XSS is fun, sometimes…

Posted October 17, 2014    BeyondTrust Research Team

This October, Microsoft has provided a security update for System.Web.Mvc.dll which addresses a ‘Security Feature Bypass’. The vulnerability itself is in ASP.NET MVC technology and given its wide adoption we thought we would take a closer look. Referring to the bulletin we can glean a few useful pieces of information: “A cross-site scripting (XSS) vulnerability exists…

Tags:
4bestpracticesaudits-blog

Four Best Practices for Passing Privileged Account Audits

Posted October 16, 2014    Chris Burd

Like most IT organizations, your team may periodically face the “dreaded” task of being audited. Your process for delegating privileged access to desktops, servers, and infrastructure devices is a massive target for the auditor’s microscope. An audit’s findings can have significant implications on technology and business strategy, so it’s critical to make sure you’re prepared…

Tags:
, , , ,