BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Penetration Tools (Updated)

Posted May 3, 2010    Morey Haber

The post I had here earlier was worded in a way that was misleading, and I want to rewrite it now so that I’m perfectly clear.

Thousands of legitimate individuals and businesses (including eEye) perform penetration testing, which is useful, required by regulatory compliance, and a very important tool in the security industry. Referring to it as anything besides a tool is a poor choice of language, and I want to correct it. My main issue is with running penetration testing tools against assets that the user either does not own or is not responsible for. And, the easy availability of such tools, often free of charge, opens the door for this potential abuse. On the contrary, it also makes it easier for businesses to test themselves whether a vulnerability can be exploited. This is a difficult balance.

With many years in this business, I’m well acquainted with what can go wrong, and what I hoped to convey was the importance of well-managed testing under the watch of a user who knows what they’re doing. When these tools aren’t used as they are intended to be, with care and professionalism, damage can be done. Having them free, and readily available for everyone increases the risk of the wrong person, using the right tools, in the wrong way.

Additional articles

IRS-Data-Breach

The tip of the IRS data breach – and it IS an iceberg

Posted May 27, 2015    Morey Haber

The IRS has been warned for decades about their security best practices. And now, at least 100,000 Americans have had their records compromised. How? The IRS uses a service called “Get Transcript”.

Tags:
, , ,
dave-shackleford-headshot

Tales from the Datacenter: Vulnerability Management Nightmares

Posted May 27, 2015    Dave Shackleford

Vulnerability scanning, threat management, risk analysis, patching, and configuration management are some of the major activities usually associated with vulnerability management, and none of these are new…so why are we failing so badly at many of them?

Tags:
, ,
Sudo_logo

Don’t Create a Different sudoers File for Each System

Posted May 20, 2015    Randy Franklin Smith

What if you have multiple Linux and/or Unix systems? Sudo management can become onerous and unwieldy if you try to manage a different sudoers file on each system. The good news is that sudo supports multiple systems.