Saturday 17 July 2010

The best way to prevent hacking is to lock down computers and restrict what software can run

In Roger A. Grimes’ article Security rule No. 1: Assume you're hacked, he notes that the best way to prevent hacking is to lock down computers and restrict what software can run.

Second, the best way to prevent hacking is to lock down workstations and servers and to allow only pre-approved software run on them. Most IT departments have no idea about what is and isn't running on all the computers under their control. Use a software inventory or an application control program to learn what is running, review each active program, approve what is needed, and prevent the rest from running. If you can't take this step, then it's probably a losing battle -- but there are other lesser successful mitigations.

Wednesday 14 July 2010

Download free chapter from Least Privilege Security for Windows 7, Vista and XP

PACKT have made Chapter 3 - Solving Least Privilege Problems with the
Application Compatibility Toolkit – from Least Privilege Security for Windows 7, Vista and XP available as a free download. Click here to download the sample chapter now.

Packt Special Offer on the hardcopy - £33.29 (save 10%) and £22.09 (save 15%) on the eBook. Click here to buy the book now.

Avecto joins forces with Cyber-Ark

Avecto Privilege Guard and Cyber-Ark Privileged Identity Management Suite provide the perfect partnership for an all-round solution for managing privileged access.

By enhancing Cyber-Ark’s market leading Privileged Identity Management (PIM) Suite with Avecto’s advanced Privilege Guard™ solution, joint customers benefit from the industry’s most comprehensive solution for securing, managing and tracking all privileged and administrative activities across an organization’s entire infrastructure, from Windows desktops and laptops, to servers, databases, hypervisors, network devices and any other system within the organization.

MDOP to be licensed as part of Windows InTune for $12/PC

Good news for those trying to implement least-privilege on the desktop. Early 2011 will see the release of Microsoft’s cloud management and security solution for SMBs, Windows InTune. As part of the package, customers will have access to Windows 7 Enterprise upgrade rights ($11/PC monthly), and for an additional dollar, the Microsoft Desktop Optimization Pack (MDOP), which contains several technologies that can ease the transition to least-privilege. InTune is also shaping up to be a good management and security solution for small businesses. For more details see Microsoft’s InTune website.

People ignore policy

Give people an inch, and they take a mile. Having a written IT policy and educating users are important steps in ensuring appropriate use of IT systems. But at the end of the day, controls need to be implemented to guarantee compliance. Kevin Beaver has posted a good example of the reactive nature, and unfortunate consequences, to what he describes as ‘disconnected’ policies on his securityonwheels blog.

The reactive nature of policies that people ignore

Security experts don’t trust least-privilege products

According to Putting limits on users' privileges, some security experts don’t trust least-privilege products on the basis that rogue users or determined hackers can misuse the products to grant themselves unauthorized escalated privileges. Any additional software installed on a PC increases the chances that a user or hacker might compromise a system, so in high security environments, it makes sense to limit the installed software base to an absolute minimum. For the rest of us, while there’s always the possibility that a least-privilege product could introduce a security vulnerability to our systems, running with administrative privileges is far riskier.

Tuesday 13 July 2010

Just published! Least Privilege Security for Windows 7, Vista and XP - Secure desktops for regulatory compliance and business agility

The first book entirely dedicated to the subject of running Least Privilege Security (or standard user accounts) on Windows operating systems in the enterprise, you will learn about the benefits Least Privilege brings organizations in terms of not only security, but regulatory compliance, improved manageability and operational simplicity.

Least Privilege Security for Windows 7, Vista and XP – Secure desktops for regulatory compliance and business agility