Our thoughts, industry views and technology trends

Featured

Contributor:
Russell Smith
July 3rd, 2013

Don’t fall victim to Privilege Creep!

Don’t let privilege creep be the downfall of a project to secure your company’s IT systems.

What is Privilege Creep?

Despite the work Microsoft has done to make Windows easier to run with standard user access, some Windows features and legacy applications still require administrative privileges. When users experience an issue, the first step that the helpdesk often takes is to grant administrative privileges to check that the problem isn’t caused by a lack of access rights.

Even if the problem turns out not to be caused by standard user permissions, administrative privileges are often deliberately left in place so that the user doesn’t continue to call the helpdesk, or the privileges are simply forgotten and never removed. This phenomena of moving from standard user privileges to administrative rights is referred to by system administrators as privilege creep.

 

Continue Reading

Who administrates the admins?

The challenge of finding the right balance between giving too many admin rights vs. too little admin rights is often talked about from the end user perspective, however the same challenge applies to those managing the IT department itself and this is a part of the journey that is often overlooked.

Continue Reading


Are admin rights the biggest threat to enterprise security?

Last week saw the launch of the latest Microsoft Vulnerabilities Report, Avecto’s leading research project into the security bulletins issued by the software giant over the past 12 months. Now in its third year, the report has consistently provided intriguing insight into today’s threat landscape, the common attack vectors and the products within the Microsoft portfolio that cause IT departments the most sleepless nights.

Continue Reading


Why elevating the issue won’t always alleviate it

“We’ve done it!” – The majority of your users have admin rights removed, meaning your environment is far more secure than it was before and you’ve successfully mitigated 85% of critical vulnerabilities in Windows. But are you as secure as you think? A surprisingly common pitfall that we come across in the support team are those who, either intentionally or unwittingly, elevate everything. Everything.

Continue Reading


Microsoft Vulnerabilities Report 2015 – What you need to know

Now in its third year, the 2015 Microsoft Vulnerabilities Report analyses the data from Security Bulletins issued by Microsoft throughout 2015. Typically issued on the second Tuesday of each month, these “Patch Tuesday” bulletins contain fixes for vulnerabilities affecting Microsoft products. With the launch of Windows 10, this approach changed slightly, with patches being released as soon as they are available.

Continue Reading


Fear and Loathing in Las Vegas – Advanced attacks and the InfoSec dream

During August members of the InfoSec community leave the comfort of their ergonomic desks and head out into the Nevada desert on a spiritual pilgrimage to Las Vegas. This mass movement is no coincidence, the draw is clear with Black Hat, DEF CON, BSides Vegas and the Star Trek Convention all occurring within a week. If you have an interest in offensive security, protecting data or ensuring your car cannot be remotely hijacked, Las Vegas is the place to be in August.

Continue Reading