tag:blogger.com,1999:blog-14669432002225104042024-10-07T05:18:29.836+01:00Secure desktops for regulatory compliance and business agilityRussell Smithhttp://www.blogger.com/profile/18318064087483507597noreply@blogger.comBlogger40125tag:blogger.com,1999:blog-1466943200222510404.post-741060066385236402011-03-04T15:53:00.001+00:002011-03-04T15:53:52.231+00:00

I often talk about security as a business enabler but very rarely hear others saying the same things. So I was pleased to read recently in Computer Weekly Etienne Greeff’s article Security sceptics should ‘just say yes’. Greeff talks about taking a strategic approach to IT security to enable adoption of new technologies. Well worth a read. “All too often, senior managers see IT security as a

Russell Smithhttp://www.blogger.com/profile/18318064087483507597noreply@blogger.com0tag:blogger.com,1999:blog-1466943200222510404.post-25560850118983821202011-01-13T15:11:00.001+00:002011-01-13T15:11:34.654+00:00

Great discounts on books, including Least Privilege Security for Windows 7, Vista and XP, over at PACKT’s website on Monday 24th January. Click here for more details.

Russell Smithhttp://www.blogger.com/profile/18318064087483507597noreply@blogger.com0tag:blogger.com,1999:blog-1466943200222510404.post-80229972792859720422010-12-13T13:37:00.001+00:002010-12-13T13:37:20.134+00:00

A recent survey commissioned by Lumension doesn’t reveal many surprising results, but one interesting point was that only 44% of those surveyed thought that application whitelisting was an effective technology. Maybe those surveyed are expecting too much. It’s not a replacement for antivirus, but even in its own right is very effective at preventing malicious software from running, especially

Russell Smithhttp://www.blogger.com/profile/18318064087483507597noreply@blogger.com0tag:blogger.com,1999:blog-1466943200222510404.post-8754250690542786962010-11-25T13:40:00.001+00:002010-11-25T13:42:42.977+00:00

Here’s a good example of why implementing standard user accounts isn’t enough to secure your desktop systems. Occasionally bugs are found in Windows that allow privilege escalation – or in other words, permit a standard user to elevate to a higher set of privileges. One such flaw has recently been disclosed and is outlined by Sophos on their Naked Security blog. Additional layers of security,

Russell Smithhttp://www.blogger.com/profile/18318064087483507597noreply@blogger.com0tag:blogger.com,1999:blog-1466943200222510404.post-79520199920238856752010-11-17T16:45:00.001+00:002010-11-17T16:46:36.425+00:00

Security Adviser columnist, Roger Grimes, has another article on Least Privilege Security at InfoWorld. Not only does he speak about standard user accounts, but also about the advantages of application whitelisting software. Roger also mentions that Least Privilege Security can help reduce support costs on desktop computers: Locked-down desktops have few support issues since users aren't

Russell Smithhttp://www.blogger.com/profile/18318064087483507597noreply@blogger.com1tag:blogger.com,1999:blog-1466943200222510404.post-89155028337620539402010-11-11T09:00:00.001+00:002010-11-11T09:00:45.848+00:00

Not much fanfare accompanying the latest update to Flash Player (version 10.1.102.64), which includes a security fix, so make sure that your systems are patched as quickly as possible. The MSI version can be downloaded here for deployment using Group Policy or SCCM.

Russell Smithhttp://www.blogger.com/profile/18318064087483507597noreply@blogger.com0tag:blogger.com,1999:blog-1466943200222510404.post-63801959452443204502010-11-03T17:37:00.001+00:002010-11-03T17:39:18.290+00:00

While Microsoft has its own solutions for running IE6 apps on Windows 7, see their whitepaper Solutions for Virtualizing Internet Explorer, they can be somewhat overkill and expensive to manage. Dependence on IE6 for legacy web applications is often cited as a reason preventing an upgrade from XP to Windows 7, which provides improved security and easier implementation of least privilege.

Russell Smithhttp://www.blogger.com/profile/18318064087483507597noreply@blogger.com0tag:blogger.com,1999:blog-1466943200222510404.post-59861524281963538202010-10-26T08:30:00.001+01:002010-10-26T08:30:40.412+01:00

While I’m on the subject of free solutions for elevating processes to run with administrative privilege under a standard user account, BeyondTrust have recently rebranded their Privilege Manager product, now called PowerBroker Desktops, and have released a free version of the software. The product differs from a fully licensed version in that your own custom rules cannot be deployed centrally

Russell Smithhttp://www.blogger.com/profile/18318064087483507597noreply@blogger.com0tag:blogger.com,1999:blog-1466943200222510404.post-3736889341214721412010-10-26T08:01:00.001+01:002010-10-26T08:01:31.150+01:00

I recently discovered a free offering from ScriptLogic that allows system administrators to grant standard users administrative rights for specified processes, in much the same way as commercial products. ScriptLogic doesn’t support Privilege Authority, although there is a community support forum which is active at http://privilegeauthority.com, so it may not be suitable for use in large

Russell Smithhttp://www.blogger.com/profile/18318064087483507597noreply@blogger.com0tag:blogger.com,1999:blog-1466943200222510404.post-70488919355208677642010-09-24T08:32:00.001+01:002010-09-24T08:32:37.114+01:00

A good article by J. Peter Bruzzese over at Biztech Magazine on the increasing importance of virtualization to provide secure and reliable desktop OSes. It’s quite common when thinking about virtualization technology to focus on the server side. But moving forward, it’s the client side that will take on a greater role in deploying new operating systems, maintaining those systems, and ensuring

Russell Smithhttp://www.blogger.com/profile/18318064087483507597noreply@blogger.com1tag:blogger.com,1999:blog-1466943200222510404.post-15718385572006052322010-09-21T08:57:00.001+01:002010-09-21T08:57:33.104+01:00

Ever wondered how much IT downtime actually costs? Take a look at this Computer Weekly summary of a report by CA Technologies. The time taken to fix failed IT systems costs the average UK business £208,000 a year in lost revenue, the research revealed. France tops the league of average losses at £424,000 a year, followed by Germany (£330,000) and Norway (£271,000).

Russell Smithhttp://www.blogger.com/profile/18318064087483507597noreply@blogger.com0tag:blogger.com,1999:blog-1466943200222510404.post-50060527004880494692010-09-21T08:52:00.001+01:002010-09-21T08:54:07.265+01:00

Forrester is currently pushing their Zero Trust model for network security, where they state that hosts on the corporate intranet should be untrusted in the same way as Internet devices. This makes a lot of sense, and can be implemented to various degrees according to the risk to your business. For instance, Windows clients should be isolated from one another using IPSec domain isolation. In most

Russell Smithhttp://www.blogger.com/profile/18318064087483507597noreply@blogger.com1tag:blogger.com,1999:blog-1466943200222510404.post-75593798411558209412010-09-21T08:41:00.001+01:002010-09-21T08:43:33.880+01:00

Matthew Clark writes a rational overview of BYOPC on his Confessions of an IT Manager blog, addressing the benefits and concerns of such schemes. One of his concerns is naturally security: To be clear, there are many possible security issues and implications with BYOPC.  These include virus and malware issues, installation of unknown software packages, secure access to business data, and so

Russell Smithhttp://www.blogger.com/profile/18318064087483507597noreply@blogger.com0tag:blogger.com,1999:blog-1466943200222510404.post-13297917763356867712010-09-20T08:36:00.001+01:002010-09-20T08:36:52.490+01:00

Monday 20th September, AppSense announce the integration of User Rights Management into their user virtualization solution. For more information on URM and the development of User Installed Applications, check out Can You Give Power to Users Responsibly?

Russell Smithhttp://www.blogger.com/profile/18318064087483507597noreply@blogger.com0tag:blogger.com,1999:blog-1466943200222510404.post-51618289752405983522010-09-18T09:20:00.001+01:002010-09-18T09:20:21.709+01:00

Another positive review of the book: I've been reading through Russell Smith's new book Least Privilege Security for Windows 7, Vista and XP and I've realized it's about time for a book on this subject. I've covered some of the material in the past including in my recent SearchWinIT.com tip Should Windows users have full administrative rights? and I know there's content on this topic scattered

Russell Smithhttp://www.blogger.com/profile/18318064087483507597noreply@blogger.com1tag:blogger.com,1999:blog-1466943200222510404.post-42939873497104326422010-09-15T06:51:00.001+01:002010-09-15T06:51:41.966+01:00

Need a quick way to deploy software to standard users without SCCM or Group Policy? Take a look at PDQ Deploy from Admin Arsenal. It’s free, can deploy MSI, MSP, MSU, EXE and Batch files and monitors installs until they’re complete. Make sure you test your unattended installs thoroughly before pushing them to multiple machines on your network.

Russell Smithhttp://www.blogger.com/profile/18318064087483507597noreply@blogger.com0tag:blogger.com,1999:blog-1466943200222510404.post-50825186495479650852010-09-10T07:06:00.001+01:002010-09-10T07:06:49.817+01:00

There’s been a lot in the press during the last week about IT consumerisation, and how IT departments might become extinct if they continue a line of ‘command and control’. In an ideal world, we’d let users buy whatever hardware and software they see fit to do their jobs. In certain environments this may actually work, but I imagine that for the most part, this would be a costly nightmare for the

Russell Smithhttp://www.blogger.com/profile/18318064087483507597noreply@blogger.com0tag:blogger.com,1999:blog-1466943200222510404.post-4128578990313679852010-09-06T06:02:00.001+01:002010-09-06T06:02:12.494+01:00

Great article over a the New York Times on password security. “Keeping a keylogger off your machine is about a trillion times more important than the strength of any one of your passwords,” says Cormac Herley, a principal researcher at Microsoft Research who specializes in security-related topics. Least Privilege Security, as part of a defence-in-depth security strategy, can help to keep

Russell Smithhttp://www.blogger.com/profile/18318064087483507597noreply@blogger.com0tag:blogger.com,1999:blog-1466943200222510404.post-36432182913019777312010-08-31T05:49:00.001+01:002010-08-31T05:49:02.173+01:00

An interesting article over at IT Manager Daily that describes some of the basic security mistakes made by the Russian spy ring. One thing’s for sure, they weren’t using least privilege security… In addition to clear and enforced security policies, the spy ring could have used some better help desk support. Some laptops took months to troubleshoot, and one spy was so frustrated with her computer

Russell Smithhttp://www.blogger.com/profile/18318064087483507597noreply@blogger.com0tag:blogger.com,1999:blog-1466943200222510404.post-68134204105498734552010-08-25T09:35:00.001+01:002010-08-25T09:35:14.244+01:00

Another review for Least Privilege Security for Windows 7, Vista and XP has just been published over at TaoSecurity by Richard Bejtlich, Director of Incident Response at General Electric. Very focused and timely book on an important security topic.

Russell Smithhttp://www.blogger.com/profile/18318064087483507597noreply@blogger.com0tag:blogger.com,1999:blog-1466943200222510404.post-64660311787899860602010-08-23T09:08:00.001+01:002010-08-23T09:08:00.320+01:00

Least Privilege Security for Windows 7, Vista and XP now has it’s own page over at Avecto’s website: http://www.avecto.com/ebook/index.html

Russell Smithhttp://www.blogger.com/profile/18318064087483507597noreply@blogger.com0tag:blogger.com,1999:blog-1466943200222510404.post-61754639632379444712010-08-20T10:50:00.001+01:002010-08-20T10:50:40.854+01:00

Psst: Can You Keep A Secret? over at Biztech Magazine tells the story of a SME that seemed to be relying solely on their antivirus software to provide protection and as a result suffered a devastating virus outbreak. “Small businesses are definitely more at risk than large businesses with respect to security because if they are attacked and their information is compromised, they can go out of

Russell Smithhttp://www.blogger.com/profile/18318064087483507597noreply@blogger.com0tag:blogger.com,1999:blog-1466943200222510404.post-47490966043803827342010-08-16T13:47:00.001+01:002010-08-16T13:47:49.480+01:00

Another short review of Least Privilege Security for Windows 7, Vista and XP at Ward Vissers: I have read already some chapters. I think it is a great book to have on your collection. You have always not enough time thinking about security. This book does it for you. And here at Anything about IT: I haven’t read the entire book yet, but from what i have seen thus far, it’s

Russell Smithhttp://www.blogger.com/profile/18318064087483507597noreply@blogger.com0tag:blogger.com,1999:blog-1466943200222510404.post-53728540754350257402010-08-16T12:15:00.001+01:002010-08-16T12:15:53.322+01:00

According to an article on Help Net Security, AV vendors detect on average 19% of malware attacks, a recent study by Cyveillance claims that the most popular antivirus products detect less than 19% of new malware threats, and that rate increases only to to 61.7% after 30 days. Top AV solutions take an average of 11.6 days to catch up to new malware. Since this does not include malware

Russell Smithhttp://www.blogger.com/profile/18318064087483507597noreply@blogger.com0tag:blogger.com,1999:blog-1466943200222510404.post-60098576883983922512010-08-13T14:02:00.001+01:002010-08-16T12:16:24.056+01:00

It’s no surprise that in a recent survey of 488 IT workers, according to IT PRO, two thirds of them claim that security is not mission critical to their company. Tom Gaffney of F-Secure thinks that desktop security is a non-starter: Gaffney expressed concerns over whether top level executives will ever recognise how important security is. “I am very skeptical they ever will. That is the

Russell Smithhttp://www.blogger.com/profile/18318064087483507597noreply@blogger.com0