December 22nd, 2011
Bradley Manning – the Private who’s accused of downloading 110,000 U.S. State Department cables to his PC, copying them to a removable drive and then passing the information to Wikileaks – has been in the news again this week as his trial begins. The incident highlights a massive security failing by the U.S. military.
In the first instance, Manning’s ability to view classified data that he had no need to access, and secondly the capability to copy the information undetected from his workstation. While a somewhat extreme case of the unpleasant consequences desktop privileges can have for an employee, I recently stumbled across a post in an IT forum that demonstrated a similar problem – but in the corporate world.
- March 24th, 2014
What is it about Windows XP that has made getting rid of an obsolete operating system so difficult? On the face of it, it should be no contest; XP is inherently less secure than its successors, will no longer receive essential updates, cybercriminals target it more often, and it doesn’t even support the latest secure applications. These factors add up to higher support costs and risk.
- January 19th, 2014
Migrating from XP to 7 offers organizations a good moment to re-assess their security setup. But where to start?
After nearly 13 years, Tuesday 8 April is the day Windows XP reaches the end of the road as Microsoft pulls extended support. Anyone still running XP after that day will be on their own and left exposed to an inevitable wave of malware attacks lured by the pickings to be had from millions of PCs running an unpatched operating system.
- December 18th, 2013
Imagine an OS without security updates, hotfixes or support – being stuck in a world of perpetual zero days in what would effectively be open season for cybercriminals. Come April 8th 2014, this is exactly what many organizations will be facing as Microsoft withdraws it’s free support for the hugely popular Windows XP operating system.
- July 19th, 2013
Bad privilege management is as dangerous as none
Utilizing tools native to the operating system to convert Windows networks to an environment in which administrator-level privileges are the justified exception rather than the rule is often mistakenly seen as a discrete destination when it is really part of a long, ongoing, complicated journey.
It’s an easy mistake to make. Many organizations find themselves simultaneously running up to three significant generations of Windows; XP, Windows 7 and Windows 8, plus one or two way points in between such as Vista and Service Packs. Each one of these comes with slightly different ways to manage standard and administrator accounts. These include the evolving controls in User Account Control (UAC) and related technologies such as XP’s prototype whitelisting Software Restriction Policies (SRP) and 7′s AppLocker.
- July 3rd, 2013
Don’t let privilege creep be the downfall of a project to secure your company’s IT systems.
What is Privilege Creep?
Despite the work Microsoft has done to make Windows easier to run with standard user access, some Windows features and legacy applications still require administrative privileges. When users experience an issue, the first step that the helpdesk often takes is to grant administrative privileges to check that the problem isn’t caused by a lack of access rights.
Even if the problem turns out not to be caused by standard user permissions, administrative privileges are often deliberately left in place so that the user doesn’t continue to call the helpdesk, or the privileges are simply forgotten and never removed. This phenomena of moving from standard user privileges to administrative rights is referred to by system administrators as privilege creep.