BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Speaking of Human Nature, Desktop Computing And Least Privilege

Posted October 10, 2011    Peter McCalister

Indeed, people are known to behave differently inside and outside of the office, where the culture is different. Lines between professional and home life become blurred, and people take the suit off at home, log in in their shorts, but that doesn’t mean they should take their corporate hat off, as well. But what is the answer? Eliminating administrator rights without allowing for the elevation of certain job-necessary privileges is not the answer. Locking down a system is like asking everyone to raise his or her hand to go to the bathroom, – it shows the downside of mistrusting human nature.

Trust is not a value that can be applied in a fixed dose; it has to be measured to meet the needs of the individual’s role. Trust is a medicine that has to be applied carefully in prescribed doses based on role, policy and circumstance. Just as you shouldn’t just gulp down an entire prescription when leaving the pharmacy assuming it will cure the problem in one go, so to you can’t just apply blanket privileges to users throughout your organization and expect that to solve your potential insider breach problem.

If you’ve read the marketing propaganda delivered by most operating system vendors, you have seen that they would like you to believe that their latest version will solve every problem known to exist just short of world hunger and world peace in the process. It behooves you therefore to be aware of many glaring gaps that Windows exposes in privileged identity management.

Leave a Reply

Additional articles

Are Your Data Security Efforts Focused in the Right Area?

Posted January 28, 2015    Scott Lang

Vormetric Data Security recently released an insider threat report, with research conducted by HarrisPoll and analyzed by Ovum. Based on the survey responses, it is apparent that there is still a great deal of insecurity over data. However, the results also show that there may be misplaced investments to address those insecurities. I will explain…

Tags:
ghost

GHOST Vulnerability…Scary Indeed

Posted January 28, 2015    BeyondTrust Research Team

A vulnerability discovered by Qualys security researchers has surfaced within the GNU C Library that affects virtually all Linux operating systems. The vulnerability lies within the various gethostbyname*() functions and, as such, has been dubbed “GHOST.” GHOST is particularly nasty considering remote, arbitrary code execution can be achieved. In an effort to avoid taxing DNS lookups, glibc developers introduced…

Tags:
,
dave-shackleford-headshot

Your New Years Resolution: Controlling Privileged Users

Posted January 27, 2015    Dave Shackleford

Is 2015 the year you get a better handle on security? The news last year was grim – so much so, in fact, that many in the information security community despaired a bit. Really, the end-of-the-year infosec cocktail parties were a bit glum. OK, let’s be honest, infosec cocktail parties are usually not that wild…

Tags:
, , ,