Posted in Privilege Guard

Privilege Guard 3.0 is here!

I am pleased to announce that version 3.0 is now available for download. This release is the product of many months of development, and is packed with new features and enhancements. Keep an eye on our blog over the coming days and weeks as we explore them in more detail.

For now, make sure you read up on What’s new in Privilege Guard 3.0.

We at Avecto pride ourselves on being a dynamic, agile software house, and for listening to and working closely with our customers. Collaboration is key to maintaining Privilege Guard’s position as the leading solution for delivering least risk desktops and servers, and my thanks go to everyone who contributed to version 3.0.

Special thanks of course must go to our development and QA teams for delivering high quality, innovative software, on time, and to specification. A great start to a very exciting 2012!

You can download Privilege Guard 3.0 by visiting the downloads page. If you aren’t already a customer, make sure you register for a free evaluation. As always, we are keen to hear your thoughts!


Posted in Event Forwarding, Privilege Guard, WinRM

Privilege Guard 3.0 Reporting Pack Preview

Last week I gave you a sneak preview of Privilege Guard 3.0, which will be released at the start of the New Year. We will also be releasing two new add-on modules for Privilege Guard, and today I want to give you a preview of the Reporting Pack module.

A critical component of any privilege management solution is the audit trail, which can be used to generate compliance reports and fine-tune policies. Privilege Guard logs a variety of events to the local application event log on each endpoint, and these events can then be centrally collected using Microsoft Event Forwarding.

Event Forwarding uses Windows Remote Management (WinRM) and enables you to collect events from remote computers and store them in the forwarded event log of a central event collector server. It is an extremely scalable architecture, which is why the Privilege Guard Reporting Pack has been built around this technology. The new Privilege Guard Event Collector software is simply installed on one or more event collector servers and it will automatically aggregate Privilege Guard events and upload them to a SQL Server.

Posted in Application Control, Desktop Lockdown, Group Policy, Least Privilege

Desktop Misadventures

Bradley Manning – the Private who’s accused of downloading 110,000 U.S. State Department cables to his PC, copying them to a removable drive and then passing the information to Wikileaks – has been in the news again this week as his trial begins. The incident highlights two massive security failings by the U.S. military: first, Manning’s ability to view classified data that he had no need to access, and second, his ability to copy the information from his workstation undetected. While this is a somewhat extreme case of the unpleasant consequences desktop privileges can have for an employee, I recently stumbled across a post in an IT forum that demonstrated a similar problem – but in the corporate world.

A rather distraught software developer was accused of stealing data from his previous employers. The company claimed he circumvented the USB monitoring system when copying files to a flash drive because IT couldn’t find any evidence in the logs that the files had been transferred to the removable drive. As a software developer, he had admin rights on his PC, and the company is now threatening legal action.

Posted in Privilege Guard

Privilege Guard 3.0 Sneak Peek

As we approach the end of 2011, the Avecto product development team have been busy putting the finishing touches to Privilege Guard 3.0, along with two brand new modules for Privilege Guard – the Privilege Guard Reporting Pack and the Privilege Guard McAfee ePO Integration Pack. In the run-up to Christmas we’ll be giving you a sneak preview of all this exciting new technology, which you can get your hands on at the start of the New Year.

First up is Privilege Guard 3.0, with a new look management console that is both striking to look at and wonderfully intuitive. As you move beyond the obvious visual enhancements, you will find full search capabilities, which allow you to quickly locate policy items and navigate to them with ease.

Posted in ePO, Least Privilege, McAfee, Privilege Guard

Protecting Against Kernel-mode Rootkits with Avecto and McAfee

Kernel-mode rootkits install themselves deep inside the operating system. They often use cloaking techniques to hide themselves and other malware to prevent detection or removal. The introduction of kernel patch protection in 64-bit Windows made it more difficult for kernel-mode rootkits to infect the operating system, but the threat has not been completely removed, and rootkits have already penetrated 64-bit Windows.

Running up-to-date anti-virus software, and keeping Windows and other software updated with all of the latest security patches, should prevent infection from most known malware threats. However, the risk of a zero-day attack that includes a kernel-mode rootkit continues to pose the most serious security threat. The ability of a zero-day rootkit to hide itself from security software can make subsequent detection and removal extremely difficult, often resulting in re-imaging of the operating system, assuming that it is even possible to detect the malware infection. The fact that a kernel-mode rootkit could go undetected makes it difficult to fully assess the true scale of the problem.

Posted in Active Directory, Group Policy, Least Privilege, Privilege Guard

Assigning admin privileges on Domain Controllers

Active Directory (AD) is the core of a Windows Server network and consists of a database that stores usernames and passwords, plus several technologies that work together to provide security and management services to clients and servers. Domain controllers (DCs) are servers that host a copy of the AD database and run related services.

Technical personnel sometimes require access to domain controllers, perhaps to perform maintenance connected with backup or patching, or to carry out a one-off task. This leaves security administrators with something of a quandary, as most of the work likely to be carried out requires full administrative access to the DC, and in turn to the crown jewels – Active Directory.

Let’s make it simple and start off by saying that it’s not possible to separate AD and administrator permissions on a regular DC. If you need to grant a user domain administrator permissions to complete some work on a DC, you must trust that person with full access to the AD domain. Read-only domain controllers (RODCs) do exactly what they say on the tin and host a read-only copy of the Active Directory database. Wherever possible you should deploy RODCs, as any domain user can be given permission to install and manage the server without privileged access to Active Directory.

Posted in Active Directory, Group Policy

What is the Right Amount of GPOs?

This is a question I get all the time, so I thought I’d take a moment and share some thoughts on it.

Before we get to “What is the right amount of GPOs”, let’s start off with “Can I have too many GPOs?”

One of the problems with Group Policy in general is that there isn’t much “organization” inside the Group Policy Objects node within the GPMC. Simply put, you get a flat list of GPO names, listed alphabetically. This isn’t ideal if you have, say, thousands of Group Policy Objects and are looking for one in particular: a needle in a haystack.

Posted in Desktop Lockdown, Least Privilege

Who Has Admin Rights?

Before implementing a least privilege desktop policy it is generally good practice to know who you are likely to affect. This is not an easy task if you do not already manage or track which users have previously been given local admin rights on their devices.

Microsoft provides a free utility that does just this – the Microsoft Baseline Security Analyzer, or MBSA for short.

[Screenshot: MBSA start page, “Choose a type of scan or view previous scan results”]

The MBSA is designed to highlight potential security risks on endpoints and makes recommendations for remediating those risks. Access to a local admin account is of course a high-risk concern, and so this is one of the things it checks for.

Posted in Desktop Lockdown, Least Privilege, Windows 7

What’s the incentive to secure your desktop systems?

Desktop security may seem to have little to do with an organization’s profit and loss, share prices and overall bottom line, but going beyond antivirus protection can have a significant impact on productivity, total cost of ownership and IT support costs. In an era where companies are under pressure to reduce overheads and find new sources of revenue, operating an efficient IT infrastructure has never been so important. Whether that involves virtualization or getting more from your existing hardware, desktop security plays a vital role in ensuring systems run securely with maximum performance and uptime.

Security is often viewed like an insurance policy – an expense that’s hard to quantify in terms of return on investment. But skimping on well secured endpoints or assuming that antivirus is enough to keep end users out of trouble is a false economy. Even if your company isn’t subject to regulatory compliance, properly secured systems still bring important advantages that shouldn’t be overlooked.