Help desk technicians within a company are the first line of defense for a new project or system problem. Most of the time, they are informed and trained that users will be getting a new piece of security software. The solution in this case is called Privileged Identity Management (PIM) and is designed to manage privileged permissions on users' workstations. The technology grants administrative rights only to the applications and operating system features that require them, so users can carry out their normal daily job functions as a standard user.
PowerBroker for Windows (PBW) is designed to integrate directly into your corporate Active Directory (AD) structure without modifying your existing schema. In the asset labeled “1” below, an administrator simply loads a Group Policy Object (GPO) snap-in onto an asset that uses the Microsoft Management Console (MMC). The administrator can then create policies and rules that are stored in the AD domain labeled “2”. An administrator can also access the management console (Retina CS, labeled “3”) via a web interface to run reports or create additional rules based on events collected from the environment.
The security scene has been eventful since our last Mobile Monday thanks to the Mobile Pwn2Own competition in Amsterdam. Both Android and iOS were vulnerable to some pretty unique exploits.
iOS (including iPhone 5)
Confirmed vulnerable: iOS 5.1.1 and iOS 6 across all devices
Exploit allows attackers to grab your contacts and photos
Dutch security researchers Joost Pol and Daan Keuper of Certified Secure debuted a remote Safari exploit. The as-yet-unnamed exploit takes advantage of a WebKit 0-day to break out of iOS’s security sandbox. Once outside the sandbox, the code gives attackers a vector to remotely steal pictures and address book details. Although they have given several demonstrations of the exploit, Pol and Keuper have yet to divulge exactly how it works, for fear that cybercriminals will try to take advantage of it.
Mobile Usage Continues to Shift Away from Voice
Mobile usage has continued to shift away from carrier voice calls and towards use of text messaging and communication through social media (Twitter, Facebook, etc.). While offering convenience, these new forms of messaging may pose greater security risks to consumers and enterprise customers.
SaaS is more than just architecture
A lot of time and effort went into making PowerBroker Mobile a SaaS solution: we spent a long time designing the most scalable, fault-resistant system possible. What we came up with was a system that could scale across multiple geographic regions with no single point of failure. After a lot of careful planning and thought, we developed PowerBroker Mobile with these architectural assets in mind. However, cloud architecture means little without well-thought-out software. We went to great lengths to modularize, decouple, and instrument every possible aspect of PowerBroker Mobile to leverage the elasticity and redundancy of virtualized computing. Load balancers, firewalls, CDN, DDoS protection, web application servers, worker jobs, caching, and databases were all built from the ground up to work in a highly elastic and distributed fashion.
One of the best-known secrets about PowerBroker for Windows is the ability to logically group rules into Collections. This Best Practice allows you to organize rules based on almost any criteria and treat multiple rules as a single entity. This feature is most useful when:
- Rules require the same item-level targeting
- Organizing rules into physical groupings for ease of maintenance or review
- Creating rule groups based on abstract terms like department, application, or even denied applications or websites
- Enforcing that all sub-groups or rules inherit the same action
- Storing obsolete or temporary rules
- Staging rules that are used for testing before inserting them into production. (This works best with Item Level Targeting).
Microsoft has released Security Advisory 2661254 for an upcoming update that raises the minimum RSA key length Windows will accept in certificates to 1024 bits. The expected release date for this update is October 9th, at which time it will be available through Windows Update. Once installed, the Windows certificate system will stop accepting certificates whose keys are shorter than 1024 bits, as those keys are considered ‘weak’. This change affects all Windows operating systems from Windows XP SP3 upward; Windows 8 already implements the tighter certificate check.
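Before the update lands, it is worth knowing which certificates in your own stores would start failing. The following PowerShell audit is an added example, not code from Microsoft or from the advisory; it assumes Windows PowerShell with the Cert: drive and reports RSA certificates below a configurable key size (the 1024-bit threshold from the advisory by default).

```powershell
# Added example: audit local certificate stores for RSA keys shorter than the
# minimum that Windows will enforce after the update in Security Advisory 2661254.
function Find-WeakRsaCertificate {
    param(
        [int]$MinimumBits = 1024,
        # Assumed default set of stores to inspect; pass others (e.g. Root) explicitly.
        [string[]]$StorePath = @('Cert:\LocalMachine\My', 'Cert:\LocalMachine\CA',
                                  'Cert:\CurrentUser\My', 'Cert:\CurrentUser\CA')
    )
    foreach ($path in $StorePath) {
        if (-not (Test-Path $path)) { continue }
        Get-ChildItem -Path $path | ForEach-Object {
            $cert = $_
            # The advisory concerns RSA keys; skip certificates with other key types.
            if ($cert.PublicKey.Oid.FriendlyName -ne 'RSA') { return }
            $bits = $cert.PublicKey.Key.KeySize
            if ($bits -lt $MinimumBits) {
                [pscustomobject]@{
                    Store      = $path
                    Subject    = $cert.Subject
                    Issuer     = $cert.Issuer
                    KeyBits    = $bits
                    NotAfter   = $cert.NotAfter
                    Thumbprint = $cert.Thumbprint
                }
            }
        }
    }
}

# Usage: list every weak RSA certificate found, grouped by store.
Find-WeakRsaCertificate | Sort-Object Store, Subject | Format-Table -AutoSize
```

Certificates this reports need to be reissued with a key of at least 1024 bits (ideally 2048) before the update is deployed, or anything that chains to them will stop validating.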
September was an active month in terms of security commentary and news, ranging from an alleged Apple data hack to an IE 0day out-of-band patch release. Since I’m sure many of you are still catching up on the news, for your convenience I’ve included some of the more insightful September coverage below.
Welcome to Mobile Monday!
Welcome to BeyondTrust’s first bi-weekly mobility Monday post! With the speed at which mobile is evolving, and its unprecedented place at the forefront of the consumerisation of IT, we felt it would be helpful to give a manageable summary of all the happenings in the mobile space. Every two weeks you can expect a summary of all news, analyst reports, notable leaks, as well as everything an administrator needs to mitigate the latest in mobile vulnerabilities and exploits. So let’s get right into it.
Microsoft has released a patch to fix the IE 0day, CVE-2012-4969, along with four other privately reported CVEs that lead to remote code execution (CVE-2012-1529, CVE-2012-2546, CVE-2012-2548, and CVE-2012-2557). One interesting thing to note is that CVE-2012-2546 and CVE-2012-2548 only affect the most recent version of Internet Explorer, IE 9. The now-patched 0day, CVE-2012-4969, affects all supported versions from 6 through 9. Since CVE-2012-4969 affects all versions, and is actively being exploited in the wild, it is imperative that administrators roll out this patch immediately. If the patch rollout must be delayed, then mitigate these vulnerabilities by disabling ActiveX controls and Active Scripting in both the Internet and Local intranet security zones. Additionally, use Blink Endpoint Protection or EMET to protect against exploits that leverage these vulnerabilities.
You can detect vulnerable systems using Retina and Retina CS, via the following audit:
17119 – Microsoft Internet Explorer Cumulative Security Update (2744842)
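If you have to fall back on the interim mitigation above (disabling ActiveX controls and Active Scripting in the Internet and Local intranet zones) while the patch is staged, the following PowerShell check is an added example, not from Microsoft or from the page, that reports whether those two zone settings are actually set to Disable for the current user. It assumes the standard per-user zone registry layout: zone 1 is Local intranet, zone 3 is Internet, value 1200 is "Run ActiveX controls and plug-ins", value 1400 is "Active scripting", and data 0/1/3 mean Enable/Prompt/Disable.

```powershell
# Added example: verify the interim IE mitigation (ActiveX and Active Scripting
# disabled in the Internet and Local intranet zones) for the current user.
function Test-IeZoneMitigation {
    $zones    = @{ 1 = 'Local intranet'; 3 = 'Internet' }
    $settings = @{ '1200' = 'Run ActiveX controls and plug-ins'
                   '1400' = 'Active scripting' }
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
    foreach ($id in $zones.Keys) {
        $key   = Join-Path $base $id
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        foreach ($value in $settings.Keys) {
            # A missing value means IE's built-in default for the zone applies,
            # which is not the mitigated state, so report it as not mitigated.
            $data = if ($props -and $props.PSObject.Properties[$value]) { $props.$value } else { $null }
            [pscustomobject]@{
                Zone      = $zones[$id]
                Setting   = $settings[$value]
                Value     = $data
                Mitigated = ($data -eq 3)   # 3 = Disable
            }
        }
    }
}

# Usage: any row with Mitigated = False still needs the setting changed.
Test-IeZoneMitigation | Format-Table -AutoSize
```

Settings pushed by Group Policy are stored under the Policies hives rather than the per-user key read here, so use this as a spot check on individual workstations and enforce the mitigation itself through GPO.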