creating AD accounts for IdM solutions

2006-01-20 Thread Saqib Ali
that account for day to day administration tasks like create new users, change password, group membership etc. 1) What are some security concerns with this approach? 2) What are best practices to prevent abuse of this account? 3) What type of auditing needs to be in place to prevent abuse? -- Saqib

Re: creating AD accounts for IdM solutions

2006-01-23 Thread Saqib Ali
equivalent account should not be a requirement. I would be > leery of configuring a 3rd party application to use "domain admin" as you > can't ensure that: -- Saqib Ali, CISSP http://www.xml-dev.com/blog/ "I fear, if I rebel against my Lord, the retribution of an Awful Day (The Day of Resurrection)" Al-Quran 6:15

Re: Automate group membership validation

2006-03-10 Thread Saqib Ali
from a Group. > The company for which I work has a security policy that I have to comply > with. According to this policy, all grouplist providing access to shared > information must be reviewed every 6 months. -- Saqib Ali, CISSP http://www.xml-dev.com/blog/ "I fear, if I rebel

Re: New IE flaw and exploit sites/migration to non-MS browser

2006-03-31 Thread Saqib Ali
raphical firewall". Here is a paper that describes it in detail: http://www.xml-dev.com/xml/SafeBrowsing/ -- Saqib Ali, CISSP Support http://www.capital-punishment.net --- "I fear, if I rebel against my Lord, the retribution of an Awful Day (The Day of Resurrection)" Al-Quran 6:15

Re: New IE flaw and exploit sites/migration to non-MS browser

2006-04-03 Thread Saqib Ali
or IE. > Now I'm no coder...but from threads I've seen Firefox's Extensions > are ripe for fun and excitement. That is a problem with the poorly developed extensions and not Firefox. -- Saqib Ali, CISSP Support http://www.capital-punishment.net --- "

Re: Adding Users via Web Interface

2006-04-12 Thread Saqib Ali
sforce) do not attach their workstations to the AD domain. So for them a WebInterface is usually a convenient way of changing passwords. MS provides ADSI to make this process easier and secure. -- Saqib Ali, CISSP, ISSAP Support http://www.capital-punishment.net --- "I fear, if I rebel agains

Re: Laptop Encryption & Write Permissions

2006-05-03 Thread Saqib Ali
be no difference. BindView, pstools etc will work the same way. 1) When the machine is off-line, the drive will be in an encrypted state, and the decryption keys are with the TPM. So any access to the drive in this "off-line" mode will require obtaining the decryption keys from the TP

Re: Laptop Encryption & Write Permissions

2006-05-08 Thread Saqib Ali
ctions are provided by the TPM. BitLocker itself doesn't provide these functions. Key escrow functionality requires a PKI. -- Saqib Ali, CISSP, ISSAP Support http://www.capital-punishment.net --- "I fear, if I rebel against my Lord, the retribution of an Awful Day (The Day of R

Re: Laptop Encryption & Write Permissions

2006-05-08 Thread Saqib Ali
On 5/7/06, Alessandro Giacometti <[EMAIL PROTECTED]> wrote: For bitlocker, there is not a password reset tool BUT you're forced to create a recovery password (it's something like the product key for office or windows). Actually the recovery password is 48 digits to be exact. --

Re: Autorun in screensaver

2006-05-09 Thread Saqib Ali
Hello, As far as I know the autorun feature doesn't get executed in a screen lock mode. Autorun only executes when the screen is unlocked. In any case, it is best practice to disable autorun on computers in an enterprise. -- Saqib Ali, CISSP, ISSAP Support http://www.capital-punishmen

Re: Securing an encryption key within software.

2006-06-16 Thread Saqib Ali
try to decipher or some other computer, they won't be able to. To further secure this implementation, you can probably use a cryptographic ASIC or HSM to perform the encryption, so that the CPU never sees the decrypted AES key. -- Saqib Ali, CISSP, ISSAP Support http://www.capital-punishmen

Re: Securing an encryption key within software.

2006-06-19 Thread Saqib Ali
You can use a commercial packer/protection program (Armadillo for example). I think when the program is running you can still see the encryption keys in the memory stack even if you use Armadillo... -- Saqib Ali, CISSP, ISSAP Support http://www.capital-punishment.net --- "I fear,

Free encryption and credential management tools for Windows

2006-07-25 Thread Saqib Ali
A write up covering the "Free" encryption and credential management tools shipped with HP and Dell Laptops: http://www.full-disc-encryption.com/biometrics_and_encryption.htm Covers TPM, biometrics, encryption, credential management, SSO to applications etc. Would like to receive comments / criti

Re: Impact of removing administrative rights in an enterprise running XP

2006-07-27 Thread Saqib Ali
t the computer usage to be adversely affected. -- Saqib Ali, CISSP, ISSAP Support http://www.capital-punishment.net --- "I fear, if I rebel against my Lord, the retribution of an Awful Day (The Day of Resurrection)" Al-Quran 6:15

Re: Whole disk encryption

2006-08-28 Thread Saqib Ali
e of whole disk encryption in an enterprise environment?

Re: Whole disk encryption

2006-08-30 Thread Saqib Ali
full-disc-encryption on the physical hardware. -- Saqib Ali, CISSP, ISSAP Support http://www.capital-punishment.net --- "I fear, if I rebel against my Lord, the retribution of an Awful Day (The Day of Resurrection)" Al-Quran 6:15

Re: Whole disk encryption

2006-08-30 Thread Saqib Ali
Has anyone thought about using something like Truecrypt to lock down a VM image and only use the VM to do sensitive work? If anyone has, does this work well? Technologically this sounds good. However, how are you going to force your users to do all their sensitive work from the vm session? One p