Solutions that provide whitelisting of applications or control the behavior of applications need to provide the administrator with a set of rules that can be used to precisely identify applications. The most common types of rule check the file name or certain attributes of the file, as these rules are relatively simple to maintain and in most circumstances provide adequate protection, assuming a least privilege approach is in place so that users can’t tamper with application files.
However, sometimes it is necessary to check the integrity of a file, and therefore most good application control solutions should provide additional capabilities for this purpose. In particular, you should expect a solution to provide support for both trusted publishers and file hashing.
If you are interested in centralizing events from your Windows desktops or servers then you should take a serious look at Windows Event Forwarding. Event Forwarding is provided by Windows Remote Management (WinRM) and enables you to get events from remote computers and store them in the local event log of an event collector computer.
Although Event Forwarding didn’t start shipping until Windows Vista and Windows Server 2008, it is also available for Windows XP (SP2 and above) and Windows Server 2003 (SP1 and above).
Avecto have written a solution guide for setting up and configuring Event Forwarding, which is available as a free download at www.avecto.com/resources.
Desktop lockdown shouldn’t hinder a user from performing their day-to-day role, so here are 5 tips to achieve flexible desktop lockdown.
1. Implement Least Privilege
If you are serious about desktop lockdown then you really need to adopt least privilege. If users are logging on with admin rights (or power user rights) then locking down the desktop becomes an almost impossible and thankless task.
If the only thing stopping you from implementing least privilege is that users need to run problem applications, perform basic admin tasks, such as connecting printers, or install approved software, then consider a privilege management solution. Privilege management solutions enable individual applications to be elevated under a standard user account, making it possible to remove admin rights from users.