Andrew Avanessian
January 21st, 2014

Using least privilege to achieve compliance: The dual benefit

What do the guidelines of PCI DSS, FDCC, SOX and HIPAA have in common? These mandates, in addition to other commonly implemented regulations, either explicitly demand or at least suggest the use of least privilege security to effectively safeguard data. In terms of compliance, this methodology has a dual benefit – not only does it satisfy auditors, but it will also protect against security breaches that could result in destructive data loss.

Centralized management: ignore the user at your peril

Admins must immerse themselves in the complex world of the endpoint

Centralized management has been an everyday part of computing since the era of the mainframe, and yet, many decades on, its design, operation and ultimate purpose are still undergoing a fascinating and restless evolution.

History should have ended with the mainframe: centralizing the management of computing resources was the natural order; simple, time-efficient, obviously cheaper and absolutely predictable. Then a bunch of clever people came up with the microprocessor and its revolutionary progeny, the personal computer, and centralization built on a simple top-down hierarchy was swept away.

How a single rogue admin humbled Switzerland’s Intelligence Agency

So who guards the guards?

Here’s the scary thing about admins. They are hired to guard the security battlements, to be the keepers of the keys, and to pull an organization out of a hole when outsiders or employees do something inconvenient, unpleasant or worse. The job implies huge trust.

But what happens if an admin, to borrow military parlance, ‘goes rogue’? That it happens from time to time is well-established and yet most organizations remain almost defenseless against the threat posed by such a high-level insider attack.

Ask the Swiss Federal Intelligence Agency (NDB), which discovered earlier this year that one of its admins had become disaffected enough to siphon off terabytes (yes, terabytes) of top secret information in the hope of hawking it to foreign intelligence services.

Admin Rights – Your Achilles Heel

Whether a large enterprise or an SMB, every organization experiences IT hindrances that result in support calls to the help desk. Calls might span a variety of issues, from trouble downloading software to something as simple as connecting to a printer. At a glance, these issues seem to stand independently of each other, differing in nature, cause and solution. However, organizations should realize there is often an underlying basis that serves as their common root – admin rights. While this might not immediately stand out as a core weakness, admin rights might be considered the Achilles heel, where one slight misuse could bring the entire organization to its knees.

Protecting Passwords with Least Privilege Security

Least privilege security and application whitelisting are all about protecting systems from unwanted change, but are also critical when it comes to protecting users’ credentials and domain admin passwords. While preventing key logging software from getting onto your systems is the most evident way these defenses might stop account credentials from being compromised, there are some less obvious advantages too.

Unsecured PCs Can Put Your Critical Infrastructure at Risk

In an ideal world, critical IT systems should never rely on the security of lesser devices. But in practice, computer networks are complicated and many dependencies exist, some of which are more desirable than others, and eliminating all unwanted dependencies is a difficult task.
