Entries Tagged as 'Lockdown'
by Neil MacDonald | March 16, 2013 | Comments Off
The idea of “sandboxing” potentially malicious content and applications isn’t new but interest in this type of approach on Windows desktops is growing. Further, the increasing variety of virtualization and abstraction techniques available on Windows create isolation that can be used to provide security separation – aka “sandboxing”. Given the innovation around virtualization techniques [...]
Category: Beyond Anti-Virus Endpoint Protection Platform Next-generation Security Infrastructure Virtualization Virtualization Security Tags: APTs, Beyond Anti-Virus, Browser Security, Defense-in-Depth, Endpoint Protection Platform, Lockdown, Virtualization, Virtualization Security, Whitelisting, Windows
by Neil MacDonald | January 31, 2013 | 1 Comment
Seriously, is anyone surprised? I’m sure you’ve seen the news about Chinese infiltration at the New York Times: http://www.nytimes.com/2013/01/31/technology/chinese-hackers-infiltrate-new-york-times-computers.html According to the article: Over the course of three months, attackers installed 45 pieces of custom malware. The Times — which uses antivirus products made by Symantec — found only one instance in which Symantec [...]
Category: Beyond Anti-Virus Endpoint Protection Platform Tags: APTs, Best Practices, Beyond Anti-Virus, Defense-in-Depth, Endpoint Protection Platform, Lockdown, Whitelisting
by Neil MacDonald | September 29, 2011 | 2 Comments
I’ve made it a point over the past 6 months to ask clients if they are combining their endpoint protection platform contracts across desktops, laptops and servers. In most cases (about 75%), the answer is yes – contracts are being combined in order to reduce complexity and costs. Is protecting a desktop different than a [...]
Category: Beyond Anti-Virus Endpoint Protection Platform Next-generation Security Infrastructure Tags: Adaptive Security Infrastucture, Beyond Anti-Virus, Defense-in-Depth, Endpoint Protection Platform, Lockdown, Next-generation Security Infrastructure, Reducing Complexity, Reducing Cost, Windows
by Neil MacDonald | August 23, 2011 | 2 Comments
Run more of your Windows users without administrator rights. I’ve talked about this several times before – including here, here and here. While it may not be feasible to remove administrator rights from all users, it is an absolutely achievable goal to continue to improve the percentage of Windows users running without administrator rights year [...]
Category: Beyond Anti-Virus Endpoint Protection Platform Microsoft Security Windows 7 Tags: Best Practices, Beyond Anti-Virus, Endpoint Protection Platform, Lockdown, Microsoft Security, Security No-Brainer, Windows
by Neil MacDonald | May 4, 2011 | Comments Off
In discussions with clients, I still run into some confusion on whether or not removal of administrator rights constitutes “lockdown”. Perhaps this was the case a few years ago with older Windows applications and Windows XP, but this is not the case today with Windows 7. For example: Standard users can install and execute well-written [...]
Category: Beyond Anti-Virus Endpoint Protection Platform Microsoft Security Windows 7 Tags: Apple, Beyond Anti-Virus, Endpoint Protection Platform, Lockdown, Microsoft Security, Security-Summit-NA, Whitelisting, Windows
by Neil MacDonald | May 2, 2011 | 3 Comments
Rapid adoption rates, three hundred and fifty thousand apps, but not much malware. What gives? 1) The power of whitelisting. Call it what you may, but having Apple act as the steward of all applications via its App Store is a form of whitelisting (where the list of approved applications [whitelist] is defined by those [...]
Category: Beyond Anti-Virus Endpoint Protection Platform Information Security Microsoft Security Windows 7 Tags: Apple, Beyond Anti-Virus, Defense-in-Depth, Endpoint Protection Platform, Lockdown, Security-Summit-NA, Windows
by Neil MacDonald | April 8, 2011 | Comments Off
One of the top recommendations I made to increase your security “bang for the buck” in 2011 was to increase the percentage of users that run without administrative access. For clients, we’ve recently published a research note that details the best practices for removing administrator rights from Windows users. One of the best practices is [...]
Category: Microsoft Security Windows 7 Tags: Beyond Anti-Virus, Lockdown, Microsoft Security, Windows
by Neil MacDonald | March 15, 2011 | Comments Off
The conventional wisdom is that a user who is configured with “standard user” privileges (the least possible in Windows 7) cannot install software (or malware for that matter). This is incorrect. Software that writes to the user’s data directory, and that doesn’t write to protected portions of the registry, can install correctly as a standard [...]
Category: Endpoint Protection Platform Microsoft Security Windows 7 Tags: Best Practices, Defense-in-Depth, Endpoint Protection Platform, Lockdown, Microsoft Security, Reducing Cost, Whitelisting, Windows
by Neil MacDonald | January 6, 2011 | Comments Off
In my previous post, I kicked off 2011 with a recommendation for improving your “security bang for the buck” or quick wins for information security in 2011 – increasing patching breadth and depth. Here’s a few more to consider in 2011: In a response to this post on the value (or lack thereof) of antivirus [...]
Category: Beyond Anti-Virus Cloud Security Endpoint Protection Platform Windows 7 Tags: Best Practices, Beyond Anti-Virus, Cloud Security, Endpoint Protection Platform, Information Security, Lockdown, Reducing Cost, Security No-Brainer, Windows
by Neil MacDonald | May 6, 2010 | Comments Off
Three quick things: The Center for Internet Security recently published its hardening guidelines for Windows Server 2008. It’s comprehensive – 159 pages of explicit guidance for the correct configuration of Windows Server 2008. CIS provides guidance for many other platforms as well, but I had several clients waiting on the update for Windows Server 2008. [...]
Category: Endpoint Protection Platform Information Security Tags: Best Practices, Endpoint Protection Platform, Information Security, Lockdown, Microsoft Security, Windows
