Tuesday, 26 October 2010

BeyondTrust PowerBroker Desktops, Free Edition

While I’m on the subject of free solutions for elevating processes to run with administrative privilege under a standard user account, BeyondTrust have recently rebranded their Privilege Manager product, now called PowerBroker Desktops, and have released a free version of the software.

The product differs from a fully licensed version in that your own custom rules cannot be deployed centrally using Active Directory Group Policy. All rules can be deployed via local GPOs, and template rules, i.e. those built into PowerBroker to allow system administrators to quickly grant rights for specific Windows features, can be deployed using Active Directory Group Policy. So central management using AD Group Policy Objects isn’t as complete as in ScriptLogic’s free solution, Privilege Authority.

On the flip side, PowerBroker Desktops Free Edition is more fully featured than Privilege Authority and integrates properly with Group Policy and the Group Policy Management Console (GPMC). PowerBroker is definitely worth checking out for smaller organizations that are looking to implement least privilege security on the desktop.

ScriptLogic’s Privilege Authority

I recently discovered a free offering from ScriptLogic that allows system administrators to grant standard users administrative rights for specified processes, in much the same way as commercial products. ScriptLogic doesn’t support Privilege Authority, although there is an active community support forum at http://privilegeauthority.com, so it may not be suitable for use in large organizations that would depend on the software as part of their mission-critical infrastructure.

Privilege Authority has its own server console for administering Group Policy settings, and before use, you have to provide an email address. When configuring new settings to deploy to clients, there is a list of standard rules for common applications, and rules can also be imported from the Rules Exchange on the community forum. User-defined rules can, of course, also be created and exported.

While not as fully featured or elegant as products from the main players, Avecto and BeyondTrust, Privilege Authority provides a potential alternative for smaller organizations that cannot get funding to deploy a commercial solution.

Friday, 24 September 2010

Security and Client-Side Virtualization

A good article by J. Peter Bruzzese over at Biztech Magazine on the increasing importance of virtualization to provide secure and reliable desktop OSes.

It’s quite common when thinking about virtualization technology to focus on the server side. But moving forward, it’s the client side that will take on a greater role in deploying new operating systems, maintaining those systems, and ensuring their stable and secure use.

Tuesday, 21 September 2010

IT downtime costs UK £2bn a year, study finds

Ever wondered how much IT downtime actually costs? Take a look at this Computer Weekly summary of a report by CA Technologies.

The time taken to fix failed IT systems costs the average UK business £208,000 a year in lost revenue, the research revealed.

France tops the league of average losses at £424,000 a year, followed by Germany (£330,000) and Norway (£271,000).

Forrester’s Zero Trust model for security

Forrester is currently pushing their Zero Trust model for network security, where they state that hosts on the corporate intranet should be untrusted in the same way as Internet devices. This makes a lot of sense, and can be implemented to various degrees according to the risk to your business. For instance, Windows clients should be isolated from one another using IPsec domain isolation. In most cases, there’s no reason why Windows clients should be talking to anything other than Windows servers.
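One way to check that client isolation is actually holding, as an added example that is not part of the original post: the script below reads records in the Windows Firewall log (pfirewall.log) layout and separates client-to-client connections that were allowed from those that were dropped. The subnets and log lines are constructed for illustration.

```python
import ipaddress

# Assumed address plan (hypothetical): client and server subnets.
CLIENT_NETS = [ipaddress.ip_network(n) for n in ("10.1.20.0/24", "10.1.21.0/24")]
SERVER_NETS = [ipaddress.ip_network("10.1.10.0/24")]

# Constructed sample records in the Windows Firewall log layout.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2010-09-21 09:00:01 ALLOW TCP 10.1.20.15 10.1.10.5 49701 445 0 - 0 0 0 - - - SEND
2010-09-21 09:00:07 ALLOW TCP 10.1.20.15 10.1.21.40 49702 445 0 - 0 0 0 - - - SEND
2010-09-21 09:00:09 DROP TCP 10.1.21.40 10.1.20.15 49810 3389 0 - 0 0 0 - - - RECEIVE
2010-09-21 09:00:12 ALLOW UDP 10.1.20.15 10.1.10.6 53120 53 0 - - - - - - - SEND
"""

def role(addr):
    """Classify an address as 'client', 'server' or 'other'."""
    ip = ipaddress.ip_address(addr)
    for name, nets in (("client", CLIENT_NETS), ("server", SERVER_NETS)):
        if any(ip in net for net in nets):
            return name
    return "other"

def parse_log(text):
    """Yield one dict per record, using the #Fields header for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if fields and len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))

def client_to_client(text):
    """Return (allowed, dropped) lists of client-to-client records."""
    allowed, dropped = [], []
    for rec in parse_log(text):
        try:
            pair = (role(rec["src-ip"]), role(rec["dst-ip"]))
        except ValueError:  # address field is not an IP: skip the record
            continue
        if pair == ("client", "client"):
            (allowed if rec["action"] == "ALLOW" else dropped).append(rec)
    return allowed, dropped

if __name__ == "__main__":
    for rec in client_to_client(SAMPLE_LOG)[0]:
        print("VIOLATION", rec["src-ip"], "->", rec["dst-ip"], rec["dst-port"])
```

Any record in the allowed list is a flow the isolation policy should have stopped; the dropped list shows the policy doing its job.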

The Zero Trust model can also be applied on the desktop. In other words, Least Privilege Security assumes that the user will eventually do something bad, often by accident and, less commonly, maliciously. Using virtualization technologies, we can work with the Zero Trust model but still give users the flexibility they need to install applications and experiment with different configurations.

A rational look at Bring Your Own PC (BYOPC)

Matthew Clark writes a rational overview of BYOPC on his Confessions of an IT Manager blog, addressing the benefits and concerns of such schemes. One of his concerns is naturally security:

To be clear, there are many possible security issues and implications with BYOPC.  These include virus and malware issues, installation of unknown software packages, secure access to business data, and so on.  However, I believe all of these issues can ultimately be resolved or mitigated with a well constructed security model.

In conclusion, however, Clark writes that the concerns he addresses in the article can be managed and that, if properly managed, BYOPC could bring advantages in some environments, but he is not convinced that BYOPC will necessarily reduce costs.

Also in a recent report, Gartner suggests that BYOPC can increase the threat of botnets.

Monday, 20 September 2010

AppSense to include User Rights Management in user virtualization solution

On Monday 20th September, AppSense announced the integration of User Rights Management into their user virtualization solution. For more information on URM and the development of User Installed Applications, check out Can You Give Power to Users Responsibly?