Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.


DCI Selects PowerBroker Safe to Meet Regulatory Compliance

DCI, a developer of core bank processing software, is a privately owned company founded in 1963. The corporation delivers technology solutions that allow banks to prosper and thrive. Because of the nature of the company and the services it provides, heavy IT support is necessary for the deletion, migratino, and back-up of large amounts of sensitive data.

Post by Peter McCalister April 15, 2011
guy tie

…But I’ve Always Had Admin Rights!

USER: “What’s that you say? You’re going to lock down my computer and make me a standard user? But I’ve always had admin rights! I NEED them to do my job effectively!” ADMIN: “…but do you really?”

Post by Peter McCalister April 14, 2011

Privilege Identity Management Provides Essential Protection

Tying the record for the most security bulletins issued at one time, Microsoft released 17 bulletins addressing 64 vulnerabilities this week in Microsoft Windows, Microsoft Office, Internet Explorer, Visual Studio, .NET Framework and the Graphics Device Interface (GDI+).

Post by Peter McCalister April 13, 2011

Microsoft Patch Tuesday – April 2011

Well, Microsoft is nothing if not predictable these days. After a nice, light March, they dropped a ton of security bulletins this month – 17 to be exact. That ties their record set just a few months ago (back in December 2010), and gives them a total of 34 so far this year. Today’s release…

Post by Chris Silva April 13, 2011

Building a Better Assessment Process

One of the fundamental problems with vulnerability assessment scanning technologies is targeting devices for assessment. Every vendor in the space uses lists of host names, address groups, or computers from an Active Directory OU to build a scan policy and target list. This technique, while incredibly valuable for initial assessment and discovery, wastes precious time accessing devices that may not even be relevant to an assessment based on operating system or even installed applications during future scans. Vulnerability Assessment vendors in general fail to consider the history of a target in performing new scans and allow their technology to become stale based on traditional targeting philosophies.

Post by Morey Haber April 12, 2011
Mcafee report

McAfee Report Implies We’re Still Focused Externally

You may have already seen the results of a 1,000+ person survey conducted recently by McAfee and wrapped up in a crisp report. They estimate that businesses have lost more than $1 trillion in 2008 as a result of data leaks. With the help of SAIC and international research firm Vanson Bourrne, the company has added some meaty authority to what would otherwise be seen as a vendor-biased report.

Post by Peter McCalister April 12, 2011

Cause and Effects of Not Running with Least Privilege

Building an enterprise on least privilege is not just a concept that applies to Microsoft. While Microsoft does contribute to the security issues associated with letting all users run with administrator rights (or no rights at all), it is a situation every operating system is plagued with.

Post by Peter McCalister April 11, 2011

Confessions of an Informed IT Director

Hi, my name is Barney, I’m an IT Director at a multi-national telecommunications company and it’s been 2 years, 4 months, 1 week, 3 days and 11 hours since my last failed audit. (All together now) HI BARNEY!

Post by Peter McCalister April 8, 2011
Break in

Scanning Problems through a Firewall

Vulnerability assessment scanning through a network or host-based firewall can create an unknown level of complexity, uncertainty into the quality of scan results, and a change control process that essentially decreases the security posture of the network and / or host in order to perform a vulnerability assessment scan.

Post by Morey Haber April 7, 2011
, ,

NASA Vulnerability and Admin Rights

A report came out recently highlighting vulnerabilities in NASA’s IT that could have impaired critical space missions or leaked sensitive information.

Post by Peter McCalister April 7, 2011