PIM, PAM and PUM: Best Practices for Unix/Linux Privileged Identity and Access Management

Overview

PIM, PAM and PUM have different meanings, and interpretations, to different people. For the most part the concepts around these three far-ranging topics intersect, and for the most part we are talking about the same thing. PIM is privileged identity management; PUM is privileged user management; and PAM is privileged account management or privileged access management.

Anthem Health Insurance Hack

A Story All Too Familiar

If you’re a customer, or a past or current employee, of Anthem, the #2 health insurer in the USA, you will already have been notified by the organization that it was hacked last week. By now your personal information has probably left the USA for pastures new, and with a little manipulation, for the next 5 years new bank accounts, credit cards, and driver’s licenses can easily be requested from State authorities, and in some cases birth certificates and passports could be cloned in your name and used by others.

Fox Technologies Expands Sales Team Following Successful Close to 2014

Leading Server Security Company Hires Seasoned Veterans to Lead Strategic Direction of Sales Organization and Accelerate Company Growth

GRAND RAPIDS, MI – February 10th, 2015 – Fox Technologies Inc., a portfolio company of Parallax Capital Partners, and leader in server control solutions, today announced the appointment of John Kolesar as Vice President of Sales, and Michael Murray as Director of Sales Engineering.

Sony Breach – From the Inside Out

From the Inside Out

The recent (very public) breach of Sony Entertainment has (again) brought computer security into the headlines. Analysis of the attack has revealed that Sony may not have been doing everything that they should have to defend themselves. Reports indicate that numerous employee accounts were compromised, allowing the attacker to access systems, data and applications the same way, and with the same privileges, that the employees themselves would.

Compromised accounts are a common outcome of many breaches. The damage ranges from exposing the credentials used to log in to web sites to compromising accounts that grant access to corporate networks, computers and applications. The greatest threat comes when the compromised accounts belong to the IT staff who manage the systems and have the most privilege granted to them.

It’s All About the Keys

What Do You Know About Your Keys?

SSH has been highlighted in a number of recent reports and articles, particularly SSH key management. SSH can make use of 2 classes of keys to secure and authenticate a connection: host-keys and user-keys. Host-keys are a lot like SSL certificates, identifying the server you are connecting to, providing integrity and seeding the encryption of the session. All SSH servers have a host-key. SSH user-keys are used to authenticate specific accounts to the SSH server.

SSH Webinar: Oh SSH..IT, Now What!

Thank you for watching the second webinar installment: “Oh SSH..IT, Now What?”

We hope that you found the presentation educational, and look forward to your attendance and participation next week.

Webinar Reminder:
Control Your SSH..IT
Thursday October 16th, 2014 | 10am PDT/1pm EDT

  • The “what” of SSH; what SSH services an account is allowed to use, and what they can do once granted access
  • Adding privilege management as an incorporated control measure

Enterprise System Security Training

Security training is one of the easiest, and hardest, things for an enterprise to do.

First, it takes budget, and these days budget for something ‘soft’ like this can be hard to come by in any organization. Second, it can be hard to measure any return on the investment. This is a problem with security in general, but with an exercise like training, an activity like testing the training can be difficult, and it can add to the overall cost. Third, no matter how much training we give people, it always seems like it doesn’t stick, especially with something like security, where we are often asking people to replace what may be perceived as an efficient or simple method of doing something with a more secure practice that could be perceived as a burden.

And, after training, managers may have an expectation that the problem is solved, where really it may not be. This leads to the first bit of advice:

Expectation does not replace inspection.

If we do not test for compliance, we cannot truly know if we are compliant.

This is a great lesson for managing internal systems. Systems buried deep in our networks, providing critical operations and accessed only by the trusted staff of administrators at an enterprise are often assumed to be secure. The fact is, they are not inherently secure, but need to be secured. What these servers need to be protected against is the possibility of a compromised account, a user or administrator who exceeds his authority, or a disgruntled user who deliberately abuses their privilege to access a system.

In the case of deliberate abuse, well, it is really very hard to stop. After all, someone has to have access to provide for the administration of our servers. And, we expect them to behave professionally and in the best interest of the enterprise.

And, there we go again, expecting something.

For Linux and Unix servers providing critical services it is not enough to expect the best. The use of a privilege management tool that can record the privileged activity is essential, and provides the ability to inspect as well.

There is a growing trend of enterprises recognizing that administrative access to servers needs to be managed, protected and recorded. BoKS ServerControl provides the ability to manage the who, how and what of Linux and Unix access, combining account management, access control and privilege enforcement and monitoring.

FoxT Access Management & Governance solutions complement your existing technologies by adding granular control and enforcement of authentication and authorization policies for both privileged and end users. www.foxt.com

SSH Webinar: The SSH..IT Storm

Thank you for joining us for the first installment of our 3-part webinar series on SSH. Below are your questions answered.

QUESTION:
Re: key management. If keys and logging are configured correctly, ssh/pka is multi-factor authentication which is invariably “better” than single factor authentication. It sounds like FoxT’s stance is pointed more towards single factor auth to privileged accounts. Is that accurate and, if so, how is that justified?

ANSWER:
FoxT absolutely does not recommend passwords, or another single-factor authentication, as the preferred method of authentication. A key aspect that we were attempting to draw out is that in locally configured and controlled SSH deployments, and with many products that offer SSH access control, the decisions on how SSH is controlled are globally applied. FoxT believes, and the BoKS ServerControl product provides, a much more granular solution to SSH access control than what was discussed in the initial presentation, which was intended to draw out the deficiencies in many SSH implementations.

Can Too Much Active Directory Be A Bad Thing?

Identity Access Management (IAM)

I just read a recent article about IAM (Identity Access Management) projects, and the level of complication that can ensue when trying to plan and implement a project of the scale and scope that a comprehensive IAM project entails.

The theme of the article is that AD (Active Directory), in many enterprises, is the identity store of choice; the idea being that if you could align your enterprise to use a single account, there is an economy of scale, reducing the number of places where access and permissions would need to be managed.