BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.


We Are Now Entering The “Goldilocks Zone”

Posted December 28, 2011    Peter McCalister

Turns out that Goldilocks isn’t just a children’s story, or even a metaphor used by marketing-types extolling the vices of extremism and the virtues of “just right” privileges. Yep, even astronomers co-opt Goldilocks to describe the perfect zone for habitable planets. In a recent Associated Press article titled “New Earth-like Planet Discovered Outside Our Solar…

Categories:
General

Insider Threats – Are They Just Human Nature?

Posted December 27, 2011    Peter McCalister

This week’s culprit of data misuse: Telstra, Australia’s leading telecommunications and information services company. It was reported that personal and account details of approximately one million customers were available on the Web – in plain sight for any Internet browser to see. While the mess is being called inadvertent, the potential damage to customers is…

Categories:
General

The Law Of Unintended Consequences

Posted December 21, 2011    Peter McCalister

It’s been a long while since I’ve logged into a UNIX box at the console or via telnet. But back when I was first learning my way around UNIX in the late 80’s and early 90’s, I vividly remember the nearly universal greeting when logging in as root: ————————————– login: root password: Don’t login as…

Categories:
General

Compliance Considerations For 2012

Posted December 20, 2011    Peter McCalister

As 2011 comes to a close, it’s time to start looking ahead to what 2012 will bring, including compliance considerations for the New Year. All regulations emphasize fraud control, therefore internal automated controls over all access (especially privileged users) will provide assurance; the Ponemon Institute has identified “privileged access” as an area of “higher risk…

Categories:
General

Hard Versus Soft Cost Of Privilege Misuse

Posted December 19, 2011    Peter McCalister

All costs aren’t completely obvious. Simply stated, the principle of least privilege means that a user must run with the least amount of privilege for the least being performed. And what does this mean for you? It means you should look closely at eliminating administrator rights from users who don’t absolutely need them, and elevate…

Categories:
General

Of Saints, Sinners and The Least Privileged

Posted December 16, 2011    Peter McCalister

As I’ve waded through the hundreds of published insider breaches from just the last two years, what is a clear recurring theme is that of the vagaries of human nature. Not meaning to wax poetic, but it is always an individual who misused their own, or some other insider’s, privileged access authorizations to information technology…

Categories:
General

Microsoft Patch Tuesday – December 2011

Posted December 13, 2011    Chris Silva

To wish IT administrators everywhere a happy holiday, Microsoft today released 13 security bulletins. Microsoft had initially planned to release 14 bulletins, but a bulletin related to the BEAST vulnerability was held back for not behaving well with other software. Assuming it can be whipped into shape, it will most likely make an appearance…

Categories:
Security Research

Security Predictions: All Hat, No Cattle

Posted December 13, 2011    Marc Maiffret

This is the time of the year where holiday parties are had, gifts are exchanged, and everyone and their brother in the security industry write blog posts and press releases about their predictions for the coming year. This time of the year reminds me of how important eEye’s message of “Security in Context” is given…

Categories:
General

Accident Prone Annie Unintentionally Helps Hacker

Posted December 13, 2011    Peter McCalister

Marriott International Corporation became the latest victim of an interesting twist on an insider attack. According to Dark Reading, a prospective employee named Attila Nemeth “pilfered sensitive documents from the hotel chain and then attempted to use the stolen intelligence to blackmail it for employment.” Who would think that blackmailing a potential employer would lead…

Categories:
General

SMBs Need Least Privilege Too

Posted December 12, 2011    Peter McCalister

Depending on which area of information technology you hail from, SMB could mean System Management Bus, Server Message Block, or Small and Medium Business. For the purposes of today’s blog it is the latter. Smaller companies seem to believe, on average, that they aren’t as susceptible to insider attacks and security breaches as large fortune…

Categories:
General