Avecto.com | Windows Privilege Management Blog

Posted in Event Forwarding, Privilege Guard, WinRM | Comments Off

Privilege Guard 3.0 Reporting Pack Preview

Posted on December 23, 2011 by Mark Austin

Last week I gave you a sneak preview of Privilege Guard 3.0, which will be released at the start of the New Year. We will also be releasing two new add on modules for Privilege Guard, and today I want to give you a preview of the Reporting Pack module.

A critical component of any privilege management solution is the audit trail, which can be used to generate compliance reports and fine tune policies. Privilege Guard logs a variety of events to the local application event log on each endpoint and these events can then be centrally collected using Microsoft Event Forwarding.

Event Forwarding uses Windows Remote Management (WinRM) and enables you to collect events from remote computers and store them in the forwarded event log of a central event collector server. It is an extremely scalable architecture, which is why the Privilege Guard Reporting Pack has been built around this technology. The new Privilege Guard Event Collector software is simply installed on one or more event collector servers and it will automatically aggregate Privilege Guard events and upload them to a SQL Server. Continue reading →

Posted in Application Control, Desktop Lockdown, Group Policy, Least Privilege | Comments Off

Desktop Misadventures

Posted on December 22, 2011 by Russell Smith

Bradley Manning – the Private who’s accused of downloading 110,000 U.S. State Department cables to his PC, copying them to a removable drive and then passing the information to Wikileaks – has been in the news again this week as his trial begins. The incident highlights a massive security failing by the U.S. military. In the first instance, Manning’s ability to view classified data that he had no need to access, and secondly the capability to copy the information undetected from his workstation. While a somewhat extreme case of the unpleasant consequences desktop privileges can have for an employee, I recently stumbled across a post in an IT forum that demonstrated a similar problem – but in the corporate world.

A rather distraught software developer was accused of stealing data from his previous employers. The company claimed he circumvented the USB monitoring system when copying files to a flash drive because IT couldn’t find any evidence in the logs that the files had been transferred to the removable drive. As a software developer, he had admin rights on his PC and the company is now threatening legal action. Continue reading →

Posted in Privilege Guard | Comments Off

Privilege Guard 3.0 Sneak Peek

Posted on December 15, 2011 by Mark Austin

As we approach the end of 2011, the Avecto product development team have been busy putting the finishing touches to Privilege Guard 3.0, along with two brand new modules for Privilege Guard – the Privilege Guard Reporting Pack and the Privilege Guard McAfee ePO Integration Pack. On the run up to Christmas we’ll be giving you a sneak preview of all this exciting new technology, which you can get your hands on at the start of the New Year.

First up is Privilege Guard 3.0, with a new look management console that is both striking to look at and wonderfully intuitive. As you move beyond the obvious visual enhancements, you will find full search capabilities, which allow you to quickly locate policy items and navigate to them with ease. Continue reading →

Posted in Group Policy, Least Privilege, Privilege Guard, User Account Control (UAC), Windows 7 | Comments Off

Who’s in Charge of User Account Control?

Posted on November 23, 2011 by Russell Smith

Microsoft’s Security Intelligence Report (SIR) v10, published in May this year, revealed figures that show Windows 7 is the company’s most secure operating system, reporting that the OS suffered fewer security incidents per 1000 computers than any other supported version of Windows in 2010. Windows 7 64-bit edition had 2.5 infections per 1000 computers, with 32-bit Windows 7 coming in at 3.8. This compared to 15.9 infections for Windows XP SP3 and 19.3 for XP SP2.

64-bit Windows 7 fares better than its 32-bit counterpart in part due to the inclusion of kernel patch protection, a technology only available in 64-bit Windows 7 that protects the kernel from unauthorized changes. Windows 7 is less likely to be infected overall because of User Account Control (UAC), an umbrella term for a set of technologies that make the OS easier to work with as a standard user or specially protected administrator account (Protected Administrator). Continue reading →

Posted in ePO, Least Privilege, McAfee, Privilege Guard | Comments Off

Protecting Against Kernel-mode Rootkits with Avecto and McAfee

Posted on November 21, 2011 by Mark Austin

Kernel-mode rootkits install themselves deep inside the operating system. They often use cloaking techniques to hide themselves and other malware to prevent detection or removal. The introduction of kernel patch protection in 64-bit Windows made it more difficult for kernel-mode rootkits to infect the operating system, but the threat has not been completely removed, and rootkits have already penetrated 64-bit Windows.

Running up-to-date anti-virus software, and keeping Windows and other software updated with all of the latest security patches, should prevent infection from most known malware threats. However, the risk of a zero-day attack that includes a kernel-mode rootkit continues to pose the most serious security threat. The ability of a zero-day rootkit to hide itself from security software can make subsequent detection and removal extremely difficult, often resulting in re-imaging of the operating system, assuming that it is even possible to detect the malware infection. The fact that a kernel-mode rootkit could go undetected makes it difficult to fully assess the true scale of the problem. Continue reading →

Posted in Active Directory, Group Policy, Least Privilege, Privilege Guard | Comments Off

Assigning admin privileges on Domain Controllers

Posted on October 26, 2011 by Russell Smith

Active Directory (AD) is the core of a Windows Server network and consists of a database that stores usernames and passwords, plus several technologies that work together to provide security and management services to clients and servers. Domain controllers (DCs) are servers that host a copy of the AD database and run related services.

Technical personnel sometimes require access to domain controllers, maybe to perform maintenance connected to backup, patching or a one-off task. This leaves security administrators with something of a quandary, as most of the work likely to be carried out requires full administrative access to the DC, and in turn the crown jewels – Active Directory.

Let’s make it simple and start off by saying that it’s not possible to separate AD and administrator permissions on a regular DC. If you need to grant a user domain administrator permissions to complete some work on a DC, you must trust that person with full access to the AD domain. Read-only domain controllers (RODCs) do exactly what they say on the tin and host a read-only copy of the Active Directory database. Wherever possible you should deploy RODCs, as any domain user can be given permission to install and manage the server without privileged access to Active Directory. Continue reading →

Posted in Active Directory, Group Policy | Comments Off

What is the Right Amount of GPOs?

Posted on October 11, 2011 by Jeremy Moskowitz

This is a question I get all the time, so I thought I’d take a moment and share some thoughts on this question.

Before we get to “What is the right amount of GPOs”, let’s start off with “Can I have too many GPOs?”

One of the problems with Group Policy, in general, is that there isn’t much “organization” inside the Group Policy Objects node within the GPMC. Simply, you get a flat list of GPO names – listed alphabetically. This isn’t ideal if you have, say, thousands of Group Policy Objects and are looking for one, in particular, needle in a haystack. Continue reading →

Posted in Desktop Lockdown, Least Privilege | Comments Off

Who Has Admin Rights?

Posted on October 6, 2011 by Kris Zentek

Before implementing a least privilege desktop policy it is generally good practice to know who you are likely to affect. This is not an easy task if you do not already manage or track which users have previously been given local admin rights on their devices.

Microsoft provides a free utility which does just this – the Microsoft Baseline Security Analyzer, or MBSA for short.

Choose a type of scan or view previous scan results

The MBSA is designed to highlight potential security risks on endpoints and makes recommendations for remediation of these risks. Access to a local admin account is of course a high risk concern, and so this is one of the things it checks for. Continue reading →

Posted in Desktop Lockdown, Least Privilege, Windows 7 | Comments Off

What’s the incentive to secure your desktop systems?

Posted on September 26, 2011 by Russell Smith

Desktop security may seem to have little to do with an organization’s profit and loss, share prices and overall bottom line, but going beyond antivirus protection can have a significant impact on productivity, total cost of ownership and IT support costs. In an era where companies are under pressure to reduce overheads and find new sources of revenue, operating an efficient IT infrastructure has never been so important. Whether that involves virtualization or getting more from your existing hardware, desktop security plays a vital role in ensuring systems run securely with maximum performance and uptime.

Security is often viewed like an insurance policy – an expense that’s hard to quantify in terms of return on investment. But skimping on well secured endpoints or assuming that antivirus is enough to keep end users out of trouble is a false economy. Even if your company isn’t subject to regulatory compliance, properly secured systems still bring important advantages that shouldn’t be overlooked. Continue reading →

Posted in Desktop Lockdown, Least Privilege, Windows 7 | Comments Off

Do Users Really Know Best?

Posted on September 21, 2011 by Russell Smith

The consumerisation of IT has become a fashionable catch phrase over the past few years as some companies choose to give employees the option to decide what hardware and software they use at work. Schemes have been set up, such as Bring Your Own PC (BYOPC), where virtualization technologies are deployed that allow users to run a managed corporate desktop from their own device with the aim of reducing costs.

While these programmes may benefit tech-orientated employees in large companies like Google, for most organizations, passing responsibility for IT purchasing decisions to users, which in turn determines business policy, isn’t likely to be the best way forward.

When friends or colleagues ask for advice about purchasing a new notebook, what criteria do they usually give as a priority? Looks, style and other desirable ‘must-haves’ often outweigh technical considerations, such as whether the device has the necessary capabilities to run line-of-business software, if it can be supported by IT or whether the build quality is likely to make it durable enough for business travel. Continue reading →

Privilege Guard 3.0 Reporting Pack Preview

Desktop Misadventures

Privilege Guard 3.0 Sneak Peek

Who’s in Charge of User Account Control?

Protecting Against Kernel-mode Rootkits with Avecto and McAfee

Assigning admin privileges on Domain Controllers

What is the Right Amount of GPOs?

Who Has Admin Rights?

What’s the incentive to secure your desktop systems?

Do Users Really Know Best?

Search

Pages

Archives

Categories

Subscribe to RSS