Category Archives for "BeyondTrust"

To Err Is Human – It’s Time for Password Management

To “err is human” as the expression goes. As carbon-based life forms, we are not all perfect (apart from some of us, hah), and surprisingly very predictable. The problem is passwords that we choose. Human beings are not designed to think up and remember complex passwords. We all forget things, or at least I […]

Two Cases for Least Privilege Control on Unix & Linux Systems

Think about the methods behind most data breaches. The goal of an external attacker is to obtain the valid credentials of an internal user with elevated privileges. With the credentials of a privileged insider the external attacker can move laterally and remain unnoticed just as a normal user would. The 2016 Verizon Data Breach […]

No Setting & Forgetting: 3 Problems with Managing SSH Keys

There’s a common theme and lesson to be learned from 2015’s data breaches — when it comes to privileged access management, even for servers and appliances (read: Cisco), enterprises can’t just set it and forget it. All devices and data must be brought under the enterprise security policy – even SSH keys. Secure Shell […]

Using Threat and Behavioural Analytics to Stop the Adversary

Regardless of the motives of a hacker, the main component of damage is often associated with compromising, altering, or destroying critical information that is needed in order to run the business. It is an unfortunate reality, but organizations are going to get compromised. In designing security, especially for the endpoint, robust measures are deployed […]

Threat Analytics – The Game of Weeds

In a previous blog post, I outlined the threat of attack by exploitation of weak links—attack vectors insignificant enough to pop up on the radar, but exploitable enough to move an attacker one step further into your organization. It’s a little like playing a board game. You don’t move from one end of […]

Sudo – It Doesn’t Have to be so Difficult

Sudo is an application for Unix and Linux operating systems that allows users to run programs with the security privileges of another user. In its basic form, it is by definition a least privilege application for controlling privileged access management. By default, sudo runs all elevated commands as ‘superuser.’ Modern versions of sudo have […]

10 Reasons to Re-think Your Vulnerability Management

The evolution of network computing environments has created a continuous stream of new attack vectors for adversaries to prey on. Businesses have to move quickly to respond to the needs of their customers. This often involves frequent changes like adding new systems and applications, as well as a constantly shifting user population. And as […]

Giving up Your Roots: A Root Remedy Checklist

As an IT organization, should you be concerned that your sysadmins log in as root, su to root, or sudo su to root? If so, can you really expect your users to do their daily tasks if they cannot log on with root-level administrative permissions? Even if you enable your most trusted admins with root, […]

Securing Your Remote Access Solution with Better Enterprise Password Security

Brad Hibbert – May 4th, 2016. Remote access solutions provide the ability to manage computer systems from a remote location. When properly deployed, these solutions – like TeamViewer, LogMeIn, or others – provide significant benefits and cost-savings to organizations and managed service providers alike. As well, they allow companies to provide remote support in […]

Removing Users From The Local Administrators Group

Editor’s note: This is a refresh of an older blog post on local admin privileges prior to the LAPS release. We’ve updated it with new best practice guidance. When embarking on a project to remove administrator rights from users, it is important to understand all of the options available for modifying local group membership […]

Ransomware: 7 Strategies for Mitigating Risk

Reveton, CryptoLocker, Locky… words that IT, the FBI and even everyday Joes have learned to hate. Being a family blog, I won’t say what we all want to say about Ransomware, so I’ll just leave it as, “It’s not good”. There is no shortage of articles on the latest threat, no one industry at more […]