Tag Archives: access management

Can Too Much Active Directory Be A Bad Thing?

system security, access management, identity access management, foxt Identity Access Management (IAM)

I just read a recent article about IAM (Identity Access Management) projects, and the level of complication that can ensue when trying to plan and implement a project of the scale and scope that a comprehensive IAM project entails.

The theme of the article is that AD (Active Directory), in many enterprises, is the identity store of choice; the idea being that if you could align your enterprise to use a single account, there is an economy of scale, reducing the number of places where access and permissions would need to be managed. Continue reading

Every Threat is an Insider Threat

system security, access management, identity access management, foxtWith the fallout of the data breach at the Office of Personnel Management still in the news cycle, now is a good time for federal organizations to reflect on the state of their own security and the sophistication of their enemies.

There are many security analysts out there who are more than willing to give their two cents on what the OPM did wrong, but we can all agree that the department was woefully ill prepared to address the tactics of their adversary.

The reality is that most attackers are not breaking into networks; they are just logging in. Defenders are waiting for threat actors to hack through the firewall, but it is easier and more effective for attackers to compromise the credentials and access privileges of organization insiders, then operate with all of the privileges of legitimate users. They are turning innocent users into insider threats.
Continue reading

How to Identify and Thwart Insider Threats

system security, access management, identity access management, foxtIt is often cited that an enterprise’s employees are its biggest vulnerability. What are company’s doing about it? In a significant number of cases, companies are perhaps doing nothing.

According to the SANS Institute and SpectorSoft, 74 percent of the 772 IT security professionals they recently surveyed are “concerned about malicious employees.” The survey pool spans 10 industries including financial, government, and technology and IT services. The survey data also shows that 32 percent of respondents “have no technology or process in place to prevent an insider attack”.
Continue reading

Mitigate IoT Security Risks By Controlling the AoIT (Access of Internet Things)

system security, access management, identity access management, foxtRegardless of the entry method — IoT machines, unpatched medical devices, BYOD’s, printers, etc. — when hackers steal private personal info from companies and governments, it requires that they obtain and exploit the credentials of privileged users. With the neverending growth in the IoT, how can enterprises protect themselves from the inevitable hacking attempts on their networks?

Centralized, granular controls over privileged access to all sensitive IT assets, with defined SSH access routes included in the authentication process would mitigate many of the risks associated with the growing number of IoT devices throughout our homes, communities, and workplaces. For example, a properly configured software solution like BoKS ServerControl could actually eliminate all elevated access rights from any number or whole sets of machines, or types of machines by model or make, machines with certain IOS versions, etc.
Continue reading

Linux.com Article: Why Many Companies Aren’t Securing OS Permissions Adequately

system security, access management, identity access management, foxt When it comes to ensuring that the operating systems in your IT infrastructure are adequately secured, access-permission-wise, some companies and organizations are more up to date — secure, and compliant — than others, according to David Dingwall, architect, and business development manager, Fox Technologies (which has recently conducted an in-depth survey of over 500 IT security professionals concerning their server environment security practices).
Continue reading

Linux.com Article: Managing IT Access Privileges — Not As Solved As Management Thinks

Secure, private, effective use of computers by a company (including hosted, cloud and other services as well as the company’s own systems) relies on managing access privileges.

The problem isn’t unique to computers. Office buildings, hotels, apartments and college dorms, for example, typically have “master keys” (or smart ID badges) that can open many-to-all of the locks in the facility, for security and other staff, while regular staff’s keys or badges only work on specified rooms and entryways.
Continue reading

SSH Webinar: Control Your SSH..IT

Thank you for watching the second webinar installment: “Control Your SSH..IT”

We hope that you found the presentation educational, and look forward to your feedback and questions.

View Session 1: The SSH..IT Storm
View Session 2: Oh SSH..IT, Now What?!

You may also be interested in: Taming the Beast – SSH for Security and Compliance

system security, identity access management, foxt, active directoryFoxT Access Management & Governance solutions complement your existing technologies by adding granular control and enforcement of authentication and authorization policies for both privileged and end users. www.foxt.com/boks

SSH Webinar: Oh SSH..IT, Now What!

Thank you for watching the second webinar installment: “Oh SSH..IT, Now What?”

We hope that you found the presentation educational, and look forward to your attendance and participation next week.

Webinar Reminder:
Control Your SSH..IT
Thursday October 16th, 2014 | 10am PDT/1pm EDT

  • The “what” of SSH; what SSH services an account is allowed to use, and what they can do once granted access
  • Adding privilege management as an incorporated control measure

You may also be interested in: Taming the Beast – SSH for Security and Compliance

system security, identity access management, foxt, active directoryFoxT Access Management & Governance solutions complement your existing technologies by adding granular control and enforcement of authentication and authorization policies for both privileged and end users. www.foxt.com/boks

FoxT Announces Availability of Privileged Access Management for HP- UX Virtual Platforms

Mountain View, CA – July 1, 2013 – Fox Technologies, Incorporated, (FoxT), a leading provider of unified Access Management and Governance solutions, today announced the expansion of platform coverage for FoxT ServerControl version 6.7 to include the ability to control privileged user access to HP-UX Virtual Servers.  Part of FoxT’s comprehensive Access Management and Governance solution suite, FoxT ServerControl enables organizations to proactively enforce privileged user access policies and actions across diverse UNIX, Linux and Windows servers.

Continue reading