Edward Snowden’s data leakage at the NSA has certainly caused a ripple effect across the entire IT landscape, forcing organizations across all industries to take a closer look at their current security defenses. At the McAfee FOCUS conference in October this year, we conducted a survey to examine just how closely security professionals were rethinking their approaches to security as a result of the NSA incident. And just as important – if not more – was determining how many of those professionals were actually converting these attitudes to action.
As the dust settles on the notorious IE zero-day exploit which was fixed in October’s Patch Tuesday, a fresh zero-day utilizing Tagged Image File Format (TIFF) files makes an appearance.
To celebrate the 10th anniversary of Patch Tuesday this month, we take a quick look at how Microsoft’s update format changed the IT landscape.
User Account Control was a great idea but it has taken privilege management to fulfill its potential
How did computer security get into such a troubled and confused state? It’s a question security professionals must ask themselves on a daily basis as they face demands that threaten to explode budgets while offering no guarantee that any of the expensively-assembled defenses will actually work.
The roots of the malaise go back to the early years of the millennium, when enterprises and consumers using Windows 2000 and Windows XP were suddenly ambushed by waves of clever software attacks that warned the world that criminals had floored an evolutionary accelerator pedal. By the time Windows XP received its first major security upgrade in the form of Service Pack 2 in 2004, it was becoming clear that security had entered an unsettling era that might take decades to play out.
Plans to reduce admin numbers by 90% have probably been misunderstood
A year ago, few beyond the realms of computer security, politics and journalism had even heard of the US National Security Agency (NSA) let alone could explain what it did. Then the Edward Snowden affair happened and suddenly one of the world’s most secretive organizations overnight turned into one which has had its every action and statement pored over with huge fascination.
Even so, when NSA director General Keith Alexander turned up at the International Conference on Cybersecurity in New York on 8 August to speak at a roundtable discussion, he probably didn’t think he was going to say much that hadn’t already been said in recent weeks.
Then he mentioned plans to reduce the number of NSA IT system administrators by a dramatic-sounding 90 percent, and people’s ears pricked up. Edward Snowden was a system administrator, of course, one of around 1,000 employed by the Agency itself, or indirectly through consultancy firms. Was this a way of saying that sysadmins at the NSA had too much power and getting rid of them would reduce the risk of another embarrassing breach?
Why privilege management must apply to everyone
Administrators: privileged network deities, or just a type of ordinary network user much the same as anyone else? Years into an age where IT security has become a mainstream topic, this remains the sort of polarising question that can provoke one of two reactions: shock or relief.
Those in the ‘shock’ camp will probably have grown up used to the traditional divide in which there were only two types of network being: the queen bees at the centre of a chaotic and uncertain network, who needed absolute power and were called ‘network admins’, and everyone else, who was mortal and had to make do with a support number stating the hours of service. In too many organizations, the power of admins was seen not only as natural but as necessary, a benign dictatorship of those ‘in the know’.
This model persists, especially in smaller organizations, but it is obsolete because, quite simply, it creates unquantifiable risk. For anyone who agrees with this analysis, the realization that admins are just a specialized type of user is more likely to elicit the second response: that of relief.
Privilege Guard’s UAC Replacement Extends to MSI Packages
For quite some time we have supported Windows Installer packages, empowering standard users to run MSIs, MSUs and MSPs that would otherwise require administrator privileges to complete. This functionality is fundamental in most least privilege deployments, where power users are delegated the privilege of choosing their own productivity tools.
We worked closely with our customers to understand how we could improve this offering, and came up with some additional use cases. We listened, and we delivered a much better user experience in 3.8.
Privilege Guard v3.8 introduces Drive Rule
The Drive Rule is a new validation rule that lets you match applications being executed from particular types of drive. Not too dissimilar in concept to the file path rule (where applications are matched based on their directory location), the drive rule lets you target the drive itself.
So what do we mean by drive?
Basically, anything which shows up under My Computer with a drive letter.
Why is that important?
As you know, storage comes in many forms, and all modern PCs and laptops allow extra storage, or peripherals, to be plugged into external ports. Any storage peripheral that is plugged in, or loaded in the case of a CD-ROM, will then register itself with Windows as a drive and pop up in Explorer ready for the user to access.
Remote Administration of Servers and Desktops with Least Privilege
Microsoft PowerShell is an essential tool to manage and administer servers and desktops in the enterprise. As time passes, an increasing array of Microsoft Windows operating system components and Windows applications are being automated through PowerShell cmdlets. Since PowerShell has a secure remote connection capability, administrators work from their own computer to manage many remote machines. However, this efficient administrative practice requires IT staff to have admin rights on hundreds or thousands of desktops and servers in the organization.
Avecto Privilege Guard enables granular elevation of PowerShell scripts and cmdlets over remote PowerShell sessions and interactive logons for standard user accounts. This new feature of Privilege Guard benefits from the same characteristics that made Privilege Guard popular:
- centralized management through an intuitive policy model
- granular control of specific PowerShell cmdlets or scripts
- enterprise auditing and reporting
This new enterprise-class capability is set to change perspectives on central administration controls that fail to deliver least privilege. Least privilege: it’s not just for end users!
Privilege Guard becomes the only privilege management solution to provide control of Windows Services
Services play an integral part of endpoint functionality – they are components of many desktop products, and almost all server implementations. On desktops, services run in the background across multiple user sessions, most commonly for products such as antivirus, firewalls and other security products. On servers, many roles function as services because of the performance and high availability requirements of applications in the datacenter.
In addition, many native features of Windows run as background processes and are enabled or disabled through their service.
So it’s a fair assumption that no matter your role within the organization, at some point there may be a need to interact with a service, and herein lies the issue.
Services are typically accessed through the Services.msc management console, Task Manager, or the net.exe command line. Other third-party tools offer extended functionality for managing services. But one thing they have in common is that managing services (with a few exceptions) requires administrator privileges. Granting those privileges to the application is great if you want your user to have access to ALL services, but what if you need a bit more control? Access to services should be restricted to authorised personnel only – the people responsible for what those services deliver to an organisation. Put another way, services should be out of bounds.