posted by: Chris King on April 28, 2009 2:27 PM
filed in: application usage & risk report
tagged: circumvention
Found On Lifehacker – an easy way past workplace security controls
Anybody can set up external proxies.
Here’s an article I found on Lifehacker, a useful, mainstream website. The article points to a step-by-step tutorial on how to circumvent IT’s security controls using FreeProxy. Have a look.
Matt talks a little about circumventing applications in this post, and they are covered extensively in our Application Usage and Risk Report.
posted by: Matt on April 23, 2009 10:59 AM
filed in: application usage & risk report, Firewall
tagged: application control, application usage & risk report, Firewall
Remote Desktop Control – Valuable Tool or Gaping Hole?
Today’s post will cover several interesting tidbits of data about remote control products. The first tidbit comes from the recently released Verizon Data Breach Report which paints a detailed picture of how cybercrime is making money. The report looked at 90 data breaches that resulted in a loss of 285 million records. The item that struck me as interesting is the section discussing attack vectors.
“In approximately four of 10 hacking-related breaches, an attacker gained unauthorized access to the victim via one of the many types of remote access and management software. Rather than for internal usage, most of these connections were provisioned to third parties in order to remotely administer systems. As discussed extensively in this and previous reports, the ultimate attacker is not typically the third party (although that certainly happens). More often, an external entity compromises the partner and then uses trusted connections to access the victim. From the victim’s perspective the attacker appears to be an authorized third party, making this scenario particularly problematic. This is especially so when trusted access is coupled with default credentials.” …Continue reading
posted by: Matt on April 17, 2009 8:33 AM
filed in: Application Advisory/Analysis, application usage & risk report, Firewall, Threat Advisory/Analysis
tagged: application usage & risk report, Firewall
Real Data Does Not Lie – Existing Security Controls Are Failing
On April 15th, we participated in a very successful webinar with Dark Reading entitled “Why Bad Security Breaches Keep Happening To Good Organizations”. During the back and forth between the two speakers, we took a poll of the attendees, asking them the following question:
Which applications do you think are currently running in your organization’s IT environment? Attendees were able to select all that applied and the results of a total of 181 votes showed the following: …Continue reading
