Origin IT

TOP 5 THINGS TO KNOW ABOUT ADMINISTRATOR RIGHTS AND SECURITY

2011-10-26T15:53:00.000-07:00

ASK ANY WINDOWSADMINISTRATOR OR SECURITY PROFESSIONAL AND YOU WILL FIND WIDESPREAD SUPPORT FORLOCKING DOWN PCS BY REMOVING USERS' ADMINISTRATIVE PRIVILEGES.

Why then have so many IT organisations been unable toimplement better controls in their desktop environments? The truth is thatremoving admin rights is only one part of an application control solution.

1. THEDIFFERENCE BETWEEN AN ADMINISTRATOR AND A STANDARD USER

When users log into a Windows computer, they can either login with administrator rights or standard user rights. Administratorrights allow users the ability to make wide changes to the computer, includingcreating or deleting accounts and changing account types and passwords. Most importantly, administrator rights allow users the freedom to install anysoftware they wish. A standard user is granted no special privileges anddoes not have administrative control over the computer.

The "Principle of Least Privilege" that has beenwidely adopted by organisations as a security best practice restricts standarduser privileges to only those necessary to perform certain job functions.

In a Windows Least Privilege environment, administrators havecontrol of installs on standard user's computers and often times networkresources as well.

2. ADMINRIGHTS ARE USED BY MALICIOUS HACKERS

Administrator rights are exploited by unauthorised users,hackers, and malware to compromise computer systems by altering standarddesktop images, changing security settings, or installing unauthorizedsoftware. By removing administrator rights from users and granting only theminimum privileges necessary for the performance of an authorized task, acompany can limit the damage that can result from a security breach ormalicious user. But removing admin rights is not effective against all thevaried attacks that are in the wild today.

For instance, there has been an increase in zero-day,"Advanced Persistent Threat" attacks that seek out admin rightscredentials and then use them to escalate privileges and install malware tosteal sensitive information.

3. REMOVING ADMIN RIGHTS CAN IMPEDE USER'S WORK

Removing admin rights can limit a user's ability to openemails, change settings, or even start their computer. If users are unable tocontinue to do the work they need to do, there will be complaints, and it willrequire the IT staff to spend a lot of time addressing the problems that arise.

Removing privileged accounts can be problematic because,depending on the organisation, any number of legacy or custom-built applicationscan only be accessed with administrator rights. In addition, many vendorsrelease software which requires admin rights to install. As a result, acompany either refuses to use the majorsoftware packages in the market(including those by Microsoft), or the company develops costly procedures tosubmit requests for installations, updates, removals, etc.

While it is tempting to establish policies that restrictsoftware installation, by doing so, you can defeat the very reason thatcomputers were brought into the company—to accomplish work efficiently.

• Users who have a real business need to install applicationsto do their jobs won't have that right, which hampers creativity and exposureto new resources.

• Without sufficient permissions, a user would not even beable to install basic work necessities such as a print driver. Many basicapplications will not run without an elevated set of permissions.

• Client software components that Web sites upgrade on aregular basis (such as Flash, Acrobat Reader and Web conferencing software)cannot be updated, potentially obstructing user access to important businesscontent or causing lost productivity, as users look for workarounds. It'snearly impossible for organisations to have the latest clients packaged for softwaredistribution so that they can be delivered to users as needed, and standarduser access does not allow exceptions.

4. RUNNING USERSAS "STANDARD USERS" DOES NOT PREVENT THEM FROM INSTALLING AND RUNNING UNKNOWNAPPLICATIONS

A typical first approach that administrators take in securingworkstations is to set the NTFS permissions on the workstation's hard drive sothat users have only the minimum necessary set of permissions.

Although it is always a good idea to give users minimumpermissions, this technique by itself is completely ineffective in regard topreventing users from installing or executing unauthorised softwares

One major issue with relying solely on user rightsrestrictions is that a user has to have rights to their profiledirectory. A profile directory stores a user's documents and all of theiruser-specific application settings. Since a profile is a required part ofWindows, and a user has to have rights to their profile directory, a user couldplace an executable file into their profile directory and run it from there.

There are ways around some of these profile-related securityissues. Administrators could redirect a profile so that it is stored on aserver rather than on each individual workstation. Once the profilefolders have been redirected, different administrator utilities can searchprofile folders for unauthorised executables.

Another option is to implement mandatory profiles. Mandatory profiles are designed so that any changes that a user makes to theirprofile directory are automatically overwritten with a clean and pristine copyof an approved profile when a user logs off.

Despite these tools,profile redirection or mandatory profileswill not completely prevent users from running unauthorized software. Regardlessof where a profile is located, a user must still have write
permissions to it in order for applications to function correctly.

In the case of a mandatory profile, a user can write to alocal copy of the mandatory profile, and that copy is later overwritten by aclean copy of the mandatory profile when the user logs out. While a useris logged in though, they have write access to their profile directory.

To see why this is a problem, think about the way InternetExplorer works.When a user visits a Web page, the contents of that page (HTMLcode, images, etc.) are downloaded to a cache directory. If a user happened tovisit a maliciousWeb page, anymalware that might exist on the page is alsowritten to the cache directory, where it would then be executed.

If the user had a mandatory profile, the contents of theprofile directory would eventually be overwritten,but by that time the problemdownloads have already occurred.

In terms of IT management,NTFS permissions policies lack acentralised management component,meaning that there is no'big picture' oforganization users available. Microsoft does not offer a built-in consolethat allows you to set NTFS permissions across all of your workstations. Evenif they did, performing blanket lockdowns at the NTFS level could make itdifficult to install new applications or software patches.

5. APPLICATION WHITELISTING IS A GENTLER FORM OF "LOCKDOWN"

Application Whitelisting solutions address these issues andprovide organisations with more flexibility and granularity for all usersregarding the applications that can and cannot be run. Users can be leftrunning as administrators, allowing them to update client software as needed,including Web applications.

Software that's detrimental can be automatically blacklisted,but resources (and/or subscription models) may be needed to keep the listcurrent. Depending on the user, new software can be allowed or blocked bypolicy.

In either case, it is always logged, so that the organisationcan centrally monitor all workstations. In addition to securityprotection,Application Whitelisting solutions provide operational benefits bypreventing the arbitrary introduction and execution of unknown code onendpoints, even for administrators.

There are several security and operational reasons thatorganisations may want to use ApplicationWhitelisting solutions:

• To ensure that unlicensed software isn't being used

• To manage known PC configurations so that enterprisesoftware is easier to deploy and maintain

• To restrict users from running software that could bedetrimental to enterprise systems or the network

• To prevent users from adding applications that will requireincreased support and cost, and

• To prevent users from visiting a maliciousWeb site andinadvertently executing zero-day attacks.

Origin IT hasall the resource and experience your business requires toaddress administrator-related issues and IT Support for your organisation. Pleasecontact us for more information: www.originit.co.nz

2011-10-19T19:41:00.000-07:00

SOCIAL MEDIA: THE 5 BIGGEST THREATS TO YOURBUSINESS
--------------------------------------------------------------------------------------------------------------------------

Social media platforms such as Twitter, Facebook and LinkedIn increasingly are being used by enterprises to engage with customers, build their brands and communicate information to the rest of the world.

But social media for enterprises isn't all about "liking," "friending," "up-voting" or "digging." For organizations, there are real risks to using social media, ranging from damaging the brand to exposing proprietary information to inviting lawsuits.

Here are five of the biggest social media security threats:

5. MOBILE APPS
The rise of social media is inextricably linked with the revolution in mobile computing, which has spawned a huge industry in mobile application development. Naturally, whether using their own or company-issued mobile devices, employees typically download dozens of apps because, well, because they can.

But sometimes they download more than they bargained for. In early March, Google removed from its Android Market more than 60 applications carrying malicious software. Some of the malware was designed to reveal the user's private information to a third party, replicate itself on other devices, destroy user data or even impersonate the device owner.

And all because this new game is supposed to be even better than Angry Birds!

4. SOCIAL ENGINEERING
A favorite of smooth-talking scammers everywhere, social engineering has been around since before computer networks. But the rise of the Internet made it easier for grifters and flim-flam artists to find potential victims who may have a soft spot in their hearts for Nigerian royalty.

Social media has taken this threat to a new level for two reasons: 1) People are more willing than ever to share personal information about themselves online via Facebook, Twitter, Foursquare and Myspace, and 2) social media platforms encourage a dangerous level of assumed trust. From there it's a short step to telling your new friend about your company's secret project. Which your new friend really might be able to help with if you would only give him a password to gain access to a protected file on your corporate network. Just this once.

3. SOCIAL NETWORKING SITES
Sometimes hackers go right to the source, injecting malicious code into a social networking site, including inside advertisements and via third-party apps. On Twitter, shortened URLs (popular due to the 140-character tweet limit) can be used to trick users into visiting malicious sites that can extract personal (and corporate) information if accessed through a work computer. Twitter is especially vulnerable to this method because it's easy to retweet a post so that it eventually could be seen by hundreds of thousands of people.

2. YOUR EMPLOYEES
You knew this was coming, but even the most responsible employees have lapses in judgment, make mistakes or behave emotionally. Nobody's perfect all of the time.

But dealing with an indiscreet comment in the office is one thing; if the comment is made on a work-related social media account, then it's out there, and it can't be retrieved. Just ask Ketchum PR Vice President James Andrews, who two years ago fired off an infamous tweet trashing the city of Memphis, hometown of a little Ketchum client called FedEx (FDX), the day before he was to make a presentation to more than 150 FedEx employees (on digital media, no less!).

The tweet was discovered by Fedex employees, who emailed angry missives to Ketchum headquarters protesting the slight and wondering why FedEx was spending money on a snooty New York PR firm while employees were dealing with a 5% salary cut during a severe recession. Andrews had to make a very public and humiliating apology.

Remember, this wasn't some low-level employee not tuned into the corporate mission. This was a high-level communications executive who damaged his company's brand and endangered an account. Imagine what a disgruntled low-level employee without as much invested in his job might be able to do with social media tools and a chip on his shoulder.

1. LACK OF A SOCIAL MEDIA POLICY
This one's totally on you. Without a social media policy for your enterprise, you are inviting disaster. You can't just turn employees loose on social networking platforms and urge them to "represent." You need to spell out the goals and parameters of your enterprise's social media initiative. Otherwise you'll get exactly what you're inviting - chaos and problems.

Who is allowed to use social media on behalf of the organization and what they're allowed to say are the two most obvious questions that must be addressed in a social media policy. You need to make all this clear or employees will make decisions on their own, on the fly. Does that sound like a good thing?

Two more imperatives related to social media policy:

1) Organizations must conduct proper training for employees, if only to clear up issues regarding official social media policies, and

2) A social media initiative needs a coordinator and champion. And that means a social media manager.

Report courtesy Chris Nerney @ CIO.com

Virtual computing solutions for the virtual work-style

2011-10-16T18:51:00.000-07:00

Two distinct forces are reshaping the way business and IT operate: the tightened budgets of the still-unpredictable economic environment and a workforce that is becoming ever more dynamic and demanding. Businesses are therefore seeking a solution that fosters, if not enables, the virtual work-style—enabling their employees to be productive anytime, anyplace—while also taking measures to leverage IT as a business enabler.

Virtual computing can make the borderless workplace drastically simpler and more effective, for workers as well as IT management. The consumerisation of IT is eliminating the need for corporate ownership of devices, networks and data centres, freeing employees to use the device they want—wherever they may be—and have access to any applications required. Meanwhile IT gets more control over what really matters, such as security, data and cost.

Virtual computing not only improves corporate agility, employee flexibility and productivity but also increases security, facilitates self-service and promotes scalable computing capacity— all while diminishing overhead.

The following are the key enablers supporting the virtual work-style.

Embracing device and network independence:

Research shows that users of tablet devices such as the iPad increasingly want to use them for work purposes, feeling that it makes them more productive. Because virtualisation enables any device to become a fully functioning desktop, the iPad and other such devices that foster telework and mobility offer the same functionality as office-bound devices, with the ubiquitous access permitted only by a mobile device.

Securing the service, not the endpoint:

Another benefit of device and network independence is being able to focus on securing sensitive information and transactions rather than endpoints. Companies are finding this simpler security approach to be both less expensive and more effective.

Delivering self-serve user experiences:

Do- it-yourself consumer services such as Amazon.com and iTunes have led people to crave similar control over IT processes when they’re at work. Products that provides these same capabilities from within the enterprise—equipping employees to handle basic jobs such as installing and updating applications on their own. The end results are lower management costs and happier, more productive employees.

Providing capacity on demand:

It’s inefficient to maintain a large infrastructure that infrequently needs to support peak requirements. Using virtualisation and cloud computing to virtualise data centers, organisations can instead scale their IT resources up and down as needed. That saves money while increasing agility.

Adopting pay-as-you-go pricing:

Taking a page from the subscription-based payment methods common among software as a service (SaaS) solutions, companies are exchanging fixed-price licensing for variable-pricing models in which they pay only for the services they use. Many organisations are using these technologies to bring exciting concepts such as these to life. These technologies play a key role in building flexible virtual computing solutions that are device and network-neutral. They also help companies transmit private information over public infrastructure safely and speedily.

The modern workplace rapidly developing today is a dynamic and agile business environment—far different from what it was even very recently. Virtual computing is the flexible platform needed to support and drive this brave new business world.

Report courtesy Cisco Systems

For expert advice regarding any aspect of Virtualisation please don't hesitate to contact Origin IT for expert consultation from our Consultants