Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Least Privilege Legacy Apps and the Desktop “Wild West”: Part 2

This week we report the conclusions of our recent survey of 185 IT Administrators and Help Desk Operatives, in a report, ‘Legacy Applications and Least Privilege Access Management’, which reveals the way legacy apps leave Windows desktop environments unnecessarily exposed to attack from malware, as well as providing an open door to insider threats.

Post by Peter McCalister January 27, 2011

Password Rotation, Phishing and Authentication Limitations, Oh My!

As we have pointed out in several recent blog posts, getting users to choose effective passwords is hard. This is particularly important to us at BeyondTrust, since for our PIM solutions to function correctly we need to accurately authenticate a user to know what access privileges to grant them. While new technologies for user authentication are on the way, they aren’t here just yet.

Post by Peter McCalister January 26, 2011

Referential Integrity When Performing a Vulnerability Assessment

James Thurber wrote back in 1959, “When all things are equal, translucence in writing is more effective than transparency, just as glow is more revealing than glare.” The critical aspect of his statement is based on equality. When using multiple distributed applications, regardless of technology, having the same version on all the systems is sometimes…

Post by Morey Haber January 25, 2011

Least Privilege Legacy Apps and the Desktop “Wild West”: Part 1

Whenever we hear the phrase “Wild West”, the first words that come to mind are old, insecure, and vulnerable. Any old western featuring Clint Eastwood or John Wayne depicts all of these descriptions. And coincidentally “Wild West” provides the perfect analogy for the way an enterprise’s remaining legacy infrastructure interfaces with a Windows desktop environment…

Post by Peter McCalister January 25, 2011

There is No Patch For Stupidity

No, I’m not talking about a Boy or Girl Scout patch (or merit badge) now awarded for making dumb errors with information technology at work. I’m referring to the ever-present vendor tech support cry of “just install the patch” whenever something goes wrong.

Post by Peter McCalister January 24, 2011

Care New England Implements Least Privilege on Desktops

Care New England, located in Providence, Rhode Island, is a not-for-profit healthcare system that offers a continuum of quality care, including two teaching hospitals affiliated with The Warren Alpert Medical School of Brown University, Butler and Women & Infants; a community hospital, Kent; a visiting nurse and home care/hospice agency, Care New England Home Health; and the Care New England Wellness Center. Care New England’s strengths are based on the complementary programs and distinctive competencies of its partner hospitals and agencies.

Post by Peter McCalister January 21, 2011

3 Ways to Remediate Misuse of Privilege

In the event that someone in your organization does misuse privilege and causes harm (theft, damage or loss of data), you will have to immediately deal with the aftermath. In today’s security-conscious enterprise, there are three levels of remediation to consider:

Post by Peter McCalister January 20, 2011

I Don’t Know……Third Base?

Brian Anderson recently commented on a Wall St Journal article on The Top 50 Gawker Media Passwords. He concluded that the average user seems to either have a relaxed sense of security, have a love for Abbott and Costello-like humor, or just be lazy when it comes to identity-related security. So what are smart IT security professionals to do?

Post by Peter McCalister January 19, 2011

Administrative Privileges are Behind Many, but not all Breaches

Ok – so even we admit not EVERY security breach is related to administrative privileges. We saw how horrible the passwords of Gawker users were; we know hackers exist too, and there is a remaining 10% of critical Microsoft vulnerabilities that can’t be mitigated by removing admin rights. A recent report on Virgin Media’s email recycling, which would allow a new email recipient to “retrieve a forgotten password” of the email’s previous owner, describes a problem that could not be prevented with any measure related to administrative privileges.

Post by Peter McCalister January 18, 2011

Myth Bust: No One In My Enterprise Can Misuse Privilege

Myth Busters has become a TV phenomenon with great antics to prove or disprove commonly held “truths” as urban legend, old wives’ tale or grounded in fact-based truth. In today’s enterprise a common myth is that no one ever actually misuses the information technology (IT) privileges granted them. We thought we’d take a closer poke at…

Post by Peter McCalister January 17, 2011