BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
guy tie

Data Breach Excuses and What They Really Mean: Excuse 2

Posted December 28, 2010    Peter McCalister

Excuse 2: SADLY, IT’S NOT POSSIBLE TO TRUST ALL PEOPLE ALL OF THE TIME. Yep, that’s what we hear next when data shows up stolen or vandalized. So this second installment of the Top 5 Excuses for Data Breaches and What They Really Mean will attempt to translate this into what really happened and use current news to exemplify our point.

Categories:
Vulnerability Management
Guy PC

Data Breach Excuses and What They Really Mean: Excuse 1

Posted December 27, 2010    Peter McCalister

Excuse 1: IT’S TOO SENSITIVE TO COMMENT FURTHER, FOR FEAR OF RISKING SECURITY FURTHER.

Categories:
Vulnerability Management
microsoft

Microsoft Windows Fax Services Cover Page Memory Corruption

Disclosed December 27, 2010    Fully Patched
Vendors: Microsoft
Vulnerability Severity: High
Exploit Impact:
Exploit Availability:
Categories:
Zeroday Tracker
BT_2011

Happy Holidays from BeyondTrust

Posted December 23, 2010    Peter McCalister

BeyondTrust wishes you a safe and happy holiday season, as well as a new year filled with privilege identity management and least privilege for all!  Don’t forget to ask your BeyondTrust sales rep for any end-of-year specials to help get that least privilege solution in before the US no longer provides Section 179 tax bennefits.

Categories:
General
Win 7

Least Privilege and Windows 7 Compatibility

Posted December 22, 2010    Peter McCalister

In planning the move to Windows 7, Application Compatibility should be a top priority. The key technology that Microsoft provides for this is the Application Compatibility Toolkit (ACT). Now in version 5.5, ACT has been around for some time, and it is designed to help identify and mitigate potential issues with application portfolios. ACT works by taking an inventory of your existing applications and analyzing them to determine if they will be compatible with Windows 7. Once the applications have been analyzed, there are a few different approaches for mitigation. One is to use the ACT shims to get the applications to run. Another option is to utilize Windows XP Mode on Windows 7. This should make the transition to Windows 7 much easier for most organizations, as well as prevent downtime for your end users.

Categories:
Vulnerability Management
microsoft

Microsoft IIS 7 FTP Buffer Overflow

Disclosed December 22, 2010    Fully Patched
Vendors: Microsoft
Vulnerability Severity: High
Exploit Impact:
Exploit Availability:
Categories:
Zeroday Tracker
microsoft

Microsoft WMI Administrative Tools ActiveX Remote Code Execution

Disclosed December 22, 2010    Partially Patched
Vendors: Microsoft
Vulnerability Severity: High
Exploit Impact:
Exploit Availability:
Categories:
Zeroday Tracker
PBIS-resized-600

Network Devices Need Least Privilege Too

Posted December 21, 2010    Peter McCalister

Any security infrastructure at an organization is only effective as its weakest link. All too often, the weakest link in today’s enterprise networks are the non-production servers and network devices not deemed mission critical. Eliminating shared passwords and logging activities down to the keystroke level on SSH-based network devices is a critical success factor for eliminating that security “weakest link”.

Categories:
Privileged Account Management
swiss cheese

The Swiss Cheese Model

Posted December 20, 2010    Peter McCalister

We’ve heard a lot of stories from administrators on how they tried implementing a least privileged model without a solution like PowerBroker Desktops.

Categories:
Privileged Account Management
hands

3 Steps to Good Governance with Privilege Identity Management

Posted December 17, 2010    Peter McCalister

“keep on trying until you are successful” is so much easier to read then this last offering for t-shirt slogan week. And very apropros to the theme of corporate governance. I also want to thank ThinkGeek.com for the inspiration for this week’s blog themes.

Categories:
Privileged Account Management