BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
sticky

The Value of a Dashboard

Posted December 16, 2010    Morey Haber

I have been intrigued by the number of different paradigms used to make up an enterprise solution management console dashboard. Some are more tabular in nature like a SIM and others graphical with little text and fully animated with icons and avatars. When I first started working with enterprise solutions in the mid 1990’s, I…

Categories:
General
Tags:
, , , ,
Guy PC

WikiLeaks and WikiWar and More Misuses of Privilege

Posted December 16, 2010    Peter McCalister

So I can’t resist one more post on this WikiLeak phenomena that still seems to be blazing through the blogosphere and mainstream media. I’ve seen it described as everything from aWiki-War to Wiki-Gaga, and yet most writers are still forgoing that if you give someone permission to do something, they will inevitably do it. In this case, I am referring to the information technology (IT) privileges granted to individuals and associated technologies to monitor and control what these people are doing. Or the lack thereof.

Categories:
Privileged Account Management
sweep-under-rug

Reducing Help Desk Costs Is a Least Privilege Benefit

Posted December 15, 2010    Peter McCalister

The problem exists between the keyboard and the chair (PEBKAC). This is the recurring mantra of most help desk technicians and a leading cause of budget dollars bleeding out of most organizations. Why, you may ask? The answer is simple:

Categories:
Privileged Account Management
patch-tuesday

Microsoft Patch Tuesday – December 2010

Posted December 15, 2010    Chris Silva

To make up for a relaxing November, Microsoft unleashed 17 security bulletins today. That puts their 2010 total at 106 bulletins (unless they release an emergency out of band patch before the end of the year). This is a record for Microsoft – their previous high was 100 bulletins way back in 2000. It is…

Categories:
Security Research
microsoft

Microsoft Windows Graphics Rendering Engine Buffer Overflow

Disclosed December 15, 2010    Fully Patched
Vendors: Microsoft
Vulnerability Severity: High
Exploit Impact:
Exploit Availability:
Categories:
Zeroday Tracker
yinyang

Sudo May Be For Sandwiches But Not Your Enterprise

Posted December 14, 2010    Peter McCalister

Sudo has been one of the Unix/Linux administrator and self-designated geek’s best friend for the last two decades, but it probably isn’t right for your enterprise. For one thing, it’s open source software, which means no one company can be held accountable for bug fixes, enhancements or any liability resulting from flaws in design. Being a software guy, I naturally lean towards licensed code and have even written on the subject of licensed code versus freeware. So it begs the question, “What can I use sudo for safely?” I just love the t-shirts atThinkGeek.com because they told me what sudo is actually good for… ordering sandwiches!

Categories:
Vulnerability Management
hands

Privileged Accounts are Pervasive and Problematic

Posted December 13, 2010    Peter McCalister

If someone is walking around your organization with t-shirt that says “Bow before me, for I am root.,” then you will have a big problem on your hands when the auditors come around or if a hacker decides to target your company for theft or cyber sabotage.

Categories:
Privileged Account Management
blowfish-98x98

My Holiday Basket of Favorite Utilities

Posted December 13, 2010    Morey Haber

Regardless of your career as a security researcher, penetration tester, technical writer or sales person, you probably have a few utilities on your computer that are a “must have” for daily operations. Some of them are probably unique to your position like a port scanner and others more generic like a file compression utility. Everyone…

Categories:
General
lock

Top 10 Reasons To Implement Least Privilege for Virtualized Servers

Posted December 10, 2010    Peter McCalister

In the spirit of keeping blog posts informative, short and fun, this one takes a cue from David Letterman in format. So without further fanfare or wasted space… the Top 10 Reasons to Implement Least Privilege for Virtualized Servers are:

Categories:
General

CNN Interview: Inside the Mind of a Computer Hacker

Posted December 10, 2010    Marc Maiffret

CTO Marc Maiffret discusses the recent DDoS attacks related to the recent Wikileaks:  

Categories:
General
Tags:
, ,