BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

WikiLeaks and WikiWar and More Misuses of Privilege

Post by Peter McCalister December 16, 2010

So I can’t resist one more post on this WikiLeak phenomena that still seems to be blazing through the blogosphere and mainstream media.  I’ve seen it described as everything from aWiki-War to Wiki-Gaga, and yet most writers are still forgoing that if you give someone permission to do something, they will inevitably do it.  In this case, I am referring to the information technology (IT) privileges granted to individuals and associated technologies to monitor and control what these people are doing. Or the lack thereof.

In a previous blog titled WikiLeaks: The Disease or the Symptom, we discussed that by implementing a least privilege solution you are taking the first step towards better information technology management and a method of policing corporate governance.  The root cause (excuse the pun) should ultimately be recognized as the misuse of privilege.

Implementing a privilege identity management solution can allow you to:

 

  1. Eliminate admin rights across servers, desktops, network devices, virtual and cloud environments to prevent anyone from having omnipotent access to those resources.
  2. Control levels of privilege for those resources to ensure the elimination of the misuse of privilege.
  3. Log all events and administrator activities so that in the event of a breach or a misuse of privilege, you can remediate that breach.
  4. As today’s t-shirt points out, you can focus on the variables that positively effect your business growth instead of being at war with your user community or wind up in the press.

Leave a Reply

Additional articles

BI-5.1-user-asset-visibility-img

Understanding Who Has Access to What with BeyondInsight v5.1

Today, it’s my pleasure to introduce you to BeyondInsight version 5.1, the latest release of our IT Risk Management platform, which unifies several of our solutions for Privileged Account Management and Vulnerability Management. BeyondInsight v5.1 embodies BeyondTrust’s mission to give our customers the visibility they need to make smart decisions and reduce risk to their…

Post by Morey Haber April 15, 2014
Tags:
, , , , , , , , , , , ,

PowerBroker for Unix & Linux Now Available via Web Services

This week BeyondTrust released a fully functional Web Services interface (REST API) for its PowerBroker for Unix & Linux product.  With this new feature users of the solution will now be able to remotely and securely configure and retrieve data via the API.  The Web Services interface implemented by BeyondTrust is an industry standard that…

Post by Paul Harper April 10, 2014
Tags:
, , , , ,

Heartbleed – When OpenSSL Breaks Your Heart

You’ve likely heard about the recent OpenSSL vulnerability, CVE-2014-0160, dubbed Heartbleed. The main takeaway of this vulnerability is that attackers can use this to obtain things like secret keys used for X.509 certificates, user names and passwords, instant messages, emails, and other highly sensitive information. For a technical analysis of the bug, check out this…

Post by BeyondTrust Research Team April 8, 2014
Tags:
, , ,