February 1st, 2016

The Cyber Pyramid Scheme

In a previous blog post I discussed why it is important to focus on the endpoint first when it comes to security. This generated some interesting discussions, with people arguing the case for product X or Y, or asking “what about detection on the endpoint?”

Continue Reading

Don’t fall victim to Privilege Creep!

Don’t let privilege creep be the downfall of a project to secure your company’s IT systems.

What is Privilege Creep?

Despite the work Microsoft has done to make Windows easier to run with standard user access, some Windows features and legacy applications still require administrative privileges. When users experience an issue, the first step that the helpdesk often takes is to grant administrative privileges to check that the problem isn’t caused by a lack of access rights.

Even if the problem turns out not to be caused by standard user permissions, administrative privileges are often deliberately left in place so that the user doesn’t keep calling the helpdesk, or they are simply forgotten and never removed. This gradual drift from standard user privileges to administrative rights is what system administrators call privilege creep.
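Privilege creep is easy to describe and hard to see, because each grant looks reasonable on its own. The quickest way to surface it is to enumerate the local Administrators group on every workstation and compare the members against the groups you actually intended to hold admin rights. The PowerShell below is an added example, not code from the original post; it assumes PowerShell remoting is enabled on the targets, that they run Windows 10 / Server 2016 or later (where Get-LocalGroupMember ships in the Microsoft.PowerShell.LocalAccounts module), and it uses placeholder host names and a placeholder approved list.

```powershell
# Added example, not code from the original post: report local Administrators
# group members that are not on an approved list, which is what accumulated
# privilege creep looks like in practice.
# Assumptions: PowerShell remoting is enabled on the targets and they run
# Windows 10 / Server 2016 or later. Host names and the approved list below
# are placeholders.

function Find-PrivilegeCreep {
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [Parameter(Mandatory)] [string[]] $Approved   # e.g. 'CONTOSO\Desktop-Admins'
    )

    # Collect local Administrators membership from every host in one remoting call.
    # Invoke-Command stamps each returned object with PSComputerName.
    $members = Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        Get-LocalGroupMember -Group 'Administrators' |
            Select-Object -Property Name, ObjectClass, PrincipalSource
    }

    foreach ($m in $members) {
        # The built-in local Administrator account is expected on every host;
        # anything else must appear on the approved list or it is flagged.
        $builtIn = ($m.PrincipalSource -eq 'Local') -and ($m.Name -like '*\Administrator')
        if (-not $builtIn -and ($Approved -notcontains $m.Name)) {
            [pscustomobject]@{
                Computer = $m.PSComputerName
                Member   = $m.Name
                Type     = $m.ObjectClass     # User or Group
                Source   = $m.PrincipalSource # Local, ActiveDirectory, ...
            }
        }
    }
}

# Placeholder inputs; replace with your own inventory and allow-list.
Find-PrivilegeCreep -ComputerName 'WKS-001', 'WKS-002' `
                    -Approved 'CONTOSO\Domain Admins', 'CONTOSO\Desktop-Admins' |
    Sort-Object Computer, Member |
    Format-Table -AutoSize
```

Entries of type User with an ActiveDirectory source are the classic helpdesk leftovers: an individual domain account added directly to the local group. Run the check on a schedule and diff the output between runs so that a new grant shows up as a change, not as one more line in a long list.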

Continue Reading

How a single rogue admin humbled Switzerland’s Intelligence Agency

So who guards the guards?

Here’s the scary thing about admins. They are hired to guard the security battlements, to be the keepers of the keys, and to pull an organization out of a hole when outsiders or employees do something inconvenient, unpleasant or worse. The job implies huge trust.

But what happens if an admin, to borrow military parlance, ‘goes rogue’? That it happens from time to time is well-established and yet most organizations remain almost defenseless against the threat posed by such a high-level insider attack.

Ask the Swiss Federal Intelligence Agency (NDB), which discovered earlier this year that one of its admins had become disaffected enough to siphon off terabytes (yes, terabytes) of top secret information with the hope of hawking it to foreign intelligence services.

Continue Reading

Desktop Misadventures

Bradley Manning – the Private who’s accused of downloading 110,000 U.S. State Department cables to his PC, copying them to a removable drive and then passing the information to Wikileaks – has been in the news again this week as his trial begins. The incident highlights a massive security failing by the U.S. military.

First, Manning was able to view classified data that he had no need to access; second, he was able to copy that data from his workstation undetected. While this is an extreme case of the consequences that excessive desktop privileges can have, I recently stumbled across a post in an IT forum that demonstrated a similar problem – but in the corporate world.

Continue Reading

Who’s in Charge of User Account Control?

Microsoft’s Security Intelligence Report (SIR) v10, published in May this year, revealed figures showing Windows 7 to be the company’s most secure operating system, with fewer malware infections per 1000 computers than any other supported version of Windows in 2010. Windows 7 64-bit edition had 2.5 infections per 1000 computers, with 32-bit Windows 7 coming in at 3.8. This compared to 15.9 infections for Windows XP SP3 and 19.3 for XP SP2.

Continue Reading

Assigning admin privileges on Domain Controllers

Active Directory (AD) is the core of a Windows Server network. It consists of a database that stores user accounts and their password hashes, plus several technologies that work together to provide security and management services to clients and servers. Domain controllers (DCs) are the servers that host a copy of the AD database and run the related services.

Continue Reading