Best Practices for Privileged Account Management – Part 1

Basic Privileged Account Management

Abused and misused privileges are often seen as the cause of breaches within organizations around the world. Privileged account management should be a major focus for Security and IT management who are looking to mitigate the risks of data breaches and insider threats.

What is Privileged Account Management?

Privileged Account Management is the definition and management of the policies and processes that define the ways in which a user is granted access rights to enterprise systems. It governs the management of the data that constitutes the user's privileges and other attributes, including the storage, organization and [...]

2017-08-08T05:58:16+00:00 July 5th, 2017 | Uncategorized

WannaCry – Worldwide Ransomware Attack – Updated

A widespread ransomware attack has spread across the globe, infecting tens of thousands of computers in as many countries, including the United States, United Kingdom, Spain, Russia, Taiwan, France, and Japan. The software can run in many languages. There have been several versions and updates, but the ways to protect against it remain the same. Recently, a decryption tool has been discovered – see here.

Technical Details

Initial reports indicate the hacker or hacking group behind the WannaCry campaign is gaining access to enterprise servers either through a Remote Desktop Protocol (RDP) compromise or the exploitation of a critical Windows SMB vulnerability. Microsoft [...]

2017-05-24T14:02:22+00:00 May 13th, 2017 | Uncategorized

Security Incident Case Study – A MSSP Run Amok

This is a case study of a security incident that occurred recently. The purpose of sharing it is to provide an example of why proper security measures must be constantly validated both internally AND externally, including those of Managed Service Providers.

Security Incident Overview

A valid user account (UserX) downloaded a malicious executable file onto the Remote Desktop Protocol (RDP) server used by employees for remote desktop access in the middle of the afternoon. The updated security software on the server blocked the file from executing and placed it into Quarantine. Upon closer inspection, after being alerted [...]

2017-01-17T23:33:08+00:00 January 17th, 2017 | Computer & Network Security, Data Breach, Uncategorized, Vulnerabilities

Law Firm Breach Used for Insider Trading Profit

Three Chinese citizens have been charged with insider trading after allegedly making $4 million by using information obtained from law firms. The breach involved stolen credentials and malware planted within the firms' systems - a very common tactic. The law firm names have not been released yet. Firms are typically diligent with banking and healthcare data, but this breach concerned a merger that was in the works. The hackers bought shares before the announcement and profited from the stock increase. This highlights the need for more than just basic cyber security products. A more disciplined approach [...]

2016-12-30T13:19:30+00:00 December 28th, 2016 | Computer & Network Security, Data Breach, Information Security, Social Engineering

Best Practice: Securing Windows Service Accounts and Privileged Access – Part 2

In the first post I covered best practices for securing service accounts. In this post, I am going to discuss some key elements in securing privileged access. Keep in mind that Microsoft has published a comprehensive guide to securing Active Directory, and that many of these things will require additional work on the front end, but that is usually due to poor existing practices. Once processes are in place, these key components should not add significant overhead to administrative tasks.

No users should regularly reside in the Domain Admins (DA) or Enterprise Admins (EA) groups

Straight from the horse's mouth: As [...]

2016-03-21T09:57:50+00:00 February 18th, 2016 | Asset Management, Compliance, Computer & Network Security, Microsoft

Best Practice: Securing Windows Service Accounts and Privileged Access – Part 1

I recently had a client ask me about our recommendations for securing service accounts within Active Directory. We talked for a bit, and then I decided to write them down. This post will have two parts: the first part covers service accounts, and the second post will be about privileged accounts.

What is the minimum privilege needed?

If the account will only use local resources on a single device, use a local account on that device. If the account needs permission to see users, computers, groups, etc., use a domain service account. When only read access to [...]

2016-02-18T11:02:18+00:00 February 18th, 2016 | Asset Management, Compliance, Computer & Network Security, Microsoft

2015 Cyber Security Awareness Month

What is Cybersecurity?

According to US-CERT, "The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation." In other words, it is the people, processes and technology that manage or maintain the Integrity, Availability, and Confidentiality of the systems and data with which an organization functions. Many times these roles are shared with IT, which in turn can come with its own challenges. Oftentimes, IT focuses solely on availability, or up-time and ease of use, and both [...]

2015-10-02T09:15:18+00:00 October 2nd, 2015 | Compliance, Computer & Network Security, Information Security, Research

Third Party Apps: Consider The Risks

What are 3rd party tools?

Everyone, from individuals to enterprises, uses third party tools and applications on their workstations, servers and mobile devices. Some examples are Adobe Reader, Java, WinRAR, and many more. They are applications that are run or installed, but are typically not centrally managed by your organization.

Why are they important to an organization?

Many times these tools are required to carry out critical job functions. These can be running applications that require Java applets, fax services, custom written applications and so on.

What risks can they introduce?

Since these applications are usually not centrally managed, their [...]

2015-10-01T09:22:47+00:00 October 1st, 2015 | Adobe, Compliance, Computer & Network Security, Java, Vulnerabilities

iOS Malware – The Sky Is (not) Falling!

By now you should have heard that malware has been detected in apps available from Apple's App Store. (Let's take a short break to let the rival Android users stop chuckling.) Should you be panicked? Should you contact your IT department and have them wipe all of your company's iPhones? Should you rush home and trade your teenager's iPhone for an old Samsung flip phone? No, you shouldn't - the Appleocalypse is not upon us. (Except maybe for the last one - have you seen the trouble teenagers can get into on smart phones? Sheesh!) Because this is somewhat of [...]

2015-10-02T08:40:54+00:00 September 26th, 2015 | Apple, Computer & Network Security

Ransomware! – It’s here to stay…

"My firm WILL be affected by ransomware." If you intone that rather gloomy mantra to yourself every morning before you go to work, you might end up being prepared to deal with the situation when it happens. Ransomware is a type of malware that most often encrypts the contents of a hard drive and then rather helpfully offers you an email address or phone number to contact for removal instructions. And did I mention they're going to ask for payment for the key to your now locked-up hard drive? They'll ask for payment. And when the email with the funny [...]

2015-10-02T08:39:49+00:00 August 28th, 2015 | Compliance, Computer & Network Security, Data Breach