IT Security Articles from Lieberman Software

Lieberman Software frequently contributes bylined articles to leading IT publications to promote security best practices for the enterprise. A selection of published articles is below. 

 

Privileged Identities Are At the Core of Today's Cyber Attacks
Information Age
Philip Lieberman

A destructive data breach can begin with the compromise of just one privileged account. Criminal hackers and malicious insiders can exploit an unsecured privileged account to gain the persistent administrative access they need to anonymously extract sensitive data. 

Secure Privileged Accounts Faster Than Hackers Can Strike
Microsoft Channel 9
Chris Stoneff

In recent months, we've witnessed a series of devastating data breaches affecting some of the world's most renowned businesses, with each breach inflicting staggering costs in terms of financial and reputational damage. But what's lesser known is many of those breaches began when a cyber attack exploited a single, unsecured privileged account and eventually gained control over the network. 

Five Biggest Cyber Security Mistakes That Show the Need for Automated Defenses
TechWeek Europe
Philip Lieberman

Setting all workstations and/or server administrator accounts to the same password is a convenience for IT – but also for hackers.  If one machine is compromised and the password discovered, all the machines with that same password become compromised. 

Force Majeure - insurance for cyber-warfare?
SC Magazine UK
Philip Lieberman

 
As we look back on the cyber-attacks of 2014, one of the recurring themes presented by so-called security experts and the CEOs of hacked companies was that there was no way they could have expected nor prevented the consequences of the attacks that hit them. In legal parlance, the concept of reasonably unexpected and unstoppable events that disrupt a business and its contracts is called force majeure. 

Fixing Weak Passwords
Information Security Buzz
Chris Stoneff

 
It’s also essential to consider the security of “privileged passwords,” which are the passwords that grant access to powerful administrator or root accounts. These passwords are particularly important to secure because if they fall into the wrong hands, the privileged accounts can be exploited to access and steal confidential data, add or remove programs, or alter system configuration settings. 

Do Retailers Care About Their Customers' Data Security? 
Chain Store Age
Chris Stoneff

 
I think that most consumers would be horrified with the state of IT security at many retailers – especially given that these companies handle millions of payment card transactions daily, and collect a startling depth of private data for targeted marketing campaigns.

Detect and Respond
Help Net Security
Philip Lieberman

 
I have made the analogy that many corporate networks are like pieces of candy with a hard, thin shell and a big gooey interior. Organizations' common misconception is that they can protect the network interior by making the exterior a little harder – but this never works. The best strategy (and the most challenging politically) is to change the consistency of the interior network into a series of concentric layers of protection and trust – limiting access, accepting that some data loss is inevitable, and vastly reducing the potential consequences.

The Top 8 Ways That Privileged Accounts Are Exploited
SC Magazine
Chris Stoneff

 
Large organisations typically have thousands of privileged accounts, which are often left unmanaged. Rogue insiders, former employees, criminal hackers and sophisticated state-sponsored attackers can exploit these unmanaged privileged accounts to anonymously access and extract an organisation's most critical data using these common attack vectors.

Winning Strategies in Cyber Warfare
SC Magazine
Calum MacLeod

 
Today we live in a world where the “giants” are lined up against us. Cyber Crime, Cyber Sabotage and Cyber Espionage are a daily fact of life. Whether we're talking about botnets, defacing of web sites, spear-phishing or theft of intellectual property, everyone seems to be defenceless against the relentless attacks that are targeting everything from your Facebook page to the SCADA systems controlling nuclear power stations.

The Wild West Web: how businesses can keep safe in the borderless internet 
Information Age
Calum MacLeod

 
Removing high-level privileges is also critical, such as the ability to add ourselves to the list of legitimate users. Both Unix and Windows make it very easy to create privileged accounts, but additionally to add additional access to applications, networks, and any number of other systems in the environment. This was the method used to breach TJX where the hackers added accounts on internet accessible applications in order to access the information that they wished.

Pass the Hash - Segment Your Environment to Contain Security Breaches  
Computer Technology Review
Calum MacLeod

A "pass the hash" (PTH) attack can happen when just the password hash is sufficient to authenticate a user to a system.  This is more of an issue on older Windows systems such as XP and 2003. Because of the way in which administrative accounts were set up and stored on a system, it means that very often the local administrator account is vulnerable.

Privileged Identity Management in the Cloud 
Cloud Computing Journal
Jess Richter

 
Cloud Service Providers are faced with significant security challenges when managing privileged identities, certificates and other file-based secrets on a massive scale in large and elastic environments. In the world's largest multi-tenant organizations, the number of systems that need to be managed can extend into the hundreds of thousands. A truly secure environment requires all identities on all systems to be discovered and managed.

Doing More With Less in the Age of Sequester
Government Security News
Derrick Dickey

 
How can federal agencies maintain regulatory compliance and stay abreast of the latest security threats while operating with a reduced IT staff? And how can these agencies secure access to their most sensitive files and applications from former employees and contractors recently furloughed or laid off?   

The SCADA Security Challenge 
Help Net Security
Philip Lieberman

 
SCADA systems should never, ever, be connected directly to the Internet, because they are simply not resilient enough to hook up to the public network. They require the use of advanced layers of security – firewalls, privileged identity management, secure proxies – to be implemented as soon as possible for their defense.

How to Ensure the Control of Privileged Accounts
Info Security Magazine
Philip Lieberman and Lev Smorodinsky

This article provides an introduction to Privilege Account Management (PAM). It is translated to Russian. The article contains the following sections:

  1. Cyber attacks aim for Privileged Accounts (PA)
  2. Anatomy of the risk of Privileged Accounts: 4As (Actors, Assets, Accounts, Actions)
  3. PA Management (PAM) Maturity Model: At what level is your security?
  4. Secure your home: Do not leave the keys in the locks

Going Rogue
Professional Security Magazine
Philip Lieberman

 
Do you have a rogue employee? It seems that stories of employees ‘going rogue’ are always in the press – but how can companies stop them before they make the headlines? Do you even know if you have a rogue employee? If you’re a large multi-national organization, the laws of probability aren’t in your favor. Add to the mix a person who’s earning minimum wage, handling data that has a retail value on the black market and the temptation might, one day, just prove too much. 

The Pros and Cons of Security Appliances
Security Daily
Derrick Dickey

 
That’s right, security appliances – firewalls, intrusion detection, UTMs and the like – have some little known security issues that create some very large vulnerabilities. 

Five Common Practices that Lead to Failed IT Compliance Audits and Security Breaches
Computerworld UK
Jane Grafton

 
In recent years we have witnessed more and more organisations fail to adequately secure their systems. When examining the evidence, there are common practices that have led to these failed IT compliance audits and security breaches. How many of the top five are you guilty of?

Low Hanging Fruit of IT Security
Professional Security Magazine
Chris Stoneff

 
As companies continue to struggle in today’s difficult economy, cutbacks affect all sectors of organisations. Unfortunately, IT security solutions are often not spared from the chopping block – a risky and short-sighted decision if you ask me...

Running Lights Out Management Without Putting Your Organization's Lights Out Permanently
Continuity Central
Philip Lieberman

 
Recent reports highlight that IPMI may have some fundamental flaws if it is not installed and managed properly and that, maybe, hackers could use it to infiltrate the network even if the device is turned off.

Guarding against emerging spear-phishing threats
Government Security News
Derrick Dickey

 
During my service aboard U.S. Navy nuclear submarines, fellow crew members and I traveled the world’s oceans to protect against silent threats. Today, in my role as a security software professional, I'm committed to a different type of defense -- working with software designers who are charged with protecting the networks and highly sensitive data at U.S. Government agencies. We're on the front lines, if you will, of a fight against emerging and persistent cyber threats.

Privileged Identity 101: Digging for God-Like Accounts
Tek-Tips Forum
Philip Lieberman

 
When I think about managing identities and privileges within an organization, one of my favorite analogies for the whole privileged identity lifecycle is biblical. Everything starts ‘in the beginning’ with a super user.  Whether someone starts with a server or a workstation, creates on-premise solutions for their network infrastructure or builds out a cloud, they’ll always have to start out with an account with god-like power that will control all other accounts accessing that resource going forward in the future.

IT Security: The Scary New Hacking Trend
Data Center Journal
Philip Lieberman

 
Starting with Operation Aurora—the brazen 2009 cyber attacks on Google and other large enterprises—through to the recent high-profile data breach that shut down certificate authority (CA) DigiNotar and the recent breach of VeriSign, hackers have learned to exploit a frightening and frequently ignored lapse in network security to gain control of victim networks. Philip Lieberman, President and CEO of Lieberman Software, explains what you can do to mitigate the risks of falling prey to this scary new hacking trend.

Preventing ITIL Failure in Four Easy Steps 
TechWeek
Philip Lieberman

 
Rather than respond to each unauthorised change, IT management can now take advantage of software that allows them to determine in advance who can change configuration settings, at what time, with least privileges necessary – while fully documenting the stated purpose of each change. Because this category of software – called Privileged Identity Management (or PIM) – provides an authoritative record of who accessed what system or application, when, and for what purpose, it helps to create a culture of accountability within IT.

Five Golden Rules for a Secure Cloud Migration
Virtual Strategy Magazine
Philip Lieberman

 
Survey after survey has revealed that security is the top concern voiced by prospective customers about cloud computing and its outsourced, on-demand business model. Worries over data privacy may prove to be service providers’ greatest roadblock to new business. In addition, the risks of a data breach seem certain to grow as a service provider’s infrastructure expands and its IT staff becomes more numerous and decentralized.

Can You Trust Your Cloud Data Center Security?
Data Center Post
Philip Lieberman

 
The fact that so many cloud providers – large and small – have no interest in managing privileged identities and segregating duties to limit access to sensitive data and systems should give customers pause before putting their most precious data and resources in the hands of many providers. 

Generic accounts are your SIEM blind spot
Computerworld
Philip Lieberman

 
Data breaches often involve the unauthorized use of highly privileged accounts, and when this happens most organizations are powerless to identify the individuals or processes responsible. The best that can be done is to change a few passwords and wait for the cycle to repeat itself. It's a Groundhog Day experience that's seen in far too many enterprises.

The Five Golden Rules for Success in Outsourcing
DataChain
Philip Lieberman

 
Outsourcing has worked well for some companies, but it can also lead to business-damaging disasters. The problem is that if outsourcers fail, you're left holding the baby without the resources to care for it. There is little margin for error in choosing an outsourcer, as Lieberman Software found in our recent survey at InfoSecurity 2011. We discovered that 77% of IT professionals surveyed said their outsourcers had made up work to earn extra money... Here are my five golden rules to ensure your outsourcing lifeboat doesn’t sink mid-stream.

It's a Long Road to a Secure Cloud
Virtual Strategy Magazine
Philip Lieberman

 
When it comes to cloud computing, the security and compliance landscape is riddled with pitfalls and continues to shift... My opinion is that cloud security, particularly public cloud security, is wholly inadequate.

Security Secrets Your IT Administrators Don't Want You to Know
Info Security Magazine
Philip Lieberman

 
As valued members of your organization, IT administrators work every day to keep your infrastructure up and available. But in today’s rush to contain operational costs, your IT administrators could be taking more shortcuts than you’d expect. And perhaps no aspect of IT suffers more from cutting corners than security. Here are five facts about IT security that your administrators probably don't want executives and employees to know. 

5 Reasons Why Privileged Identity Management Implementations Fail 
Virtual Strategy Magazine
Philip Lieberman

 
As veterans of the privileged identity management (PIM) field, my colleagues and I hear some unsettling stories from organizations whose privileged identity management deployments did not provide the expected business value. We’ve also heard from organizations whose purchases led to years of expensive service engagements yet never delivered the agreed scope of work.

Security is About Compliance, Not Trust 
Virtual Strategy Magazine
Philip Lieberman

 
The word “trust” appears in the tagline for a great many security products and services. But in the business world what we often tout as trust simply boils down to an acceptance of risk and the expectation that we can transfer liability to other parties should that trust be broken. I contend that there is no place for the concept of “trust” in IT security. Examine a history of security breaches and you’ll see countless times when trustworthy past behavior fails to predict future actions.   

Legislation a Good First Step to Cybersecurity Leadership  
SC Magazine
Philip Lieberman

A year can make a big difference in technology – and in politics. A year ago, the federal government was failing badly at establishing a leadership position in cybersecurity. Interim cybersecurity czar Melissa Hathaway had resigned amid delays to appoint a full-time federal director. The politicians were thinking about anything but the defense of our nation's computing infrastructure. And the attacks kept rolling in. Fortunately, things for the good guys have improved. 

Best Practices for Watching the Watchers  
Enterprise Systems Journal
Philip Lieberman

The simple truth is that today virtually all IT staff enjoy anonymous, unaudited, 24/7 access to your data center applications, computers, and appliances through use of privileged account credentials. More IT auditors are beginning to notice that this lack of accountability has brought organizations out of compliance with key industry mandates -- SOX, PCI-DSS, HIPAA, and others. The bad guys have also taken notice, exploiting these all-powerful and often poorly secured credentials in many of the latest, headline-grabbing breaches that include the attacks on Google and other U.S. technology firms.  

Accountability and Transparency: Keys to Security in the Cloud  
Virtual Strategy Magazine
Philip Lieberman

 
Safeguarding a cloud infrastructure from unmonitored access, malware and intruder attacks grows more challenging for service providers as their operations evolve. And as a cloud infrastructure grows, so too does the presence of unsecured privileged identities – those so-called super-user accounts that hold elevated permission to access sensitive data, run programs, and change configuration settings on virtually every IT component.  

Security Training Alone Won't Solve the Negligent Insider Threat  
SC Magazine
Philip Lieberman

Today, if your organization runs a network, you're a target for attack. We may never eliminate the threat but with a sound, layered security approach we can do much to reduce its potential impact. And when it comes to mitigating the risks of negligent insiders, organizations need to move beyond basic training and look for ways to limit the damage. 

Mismanaged Privileged Accounts: A New Threat to Your Sensitive Data  
Tek-Tips Forum
Chris Stoneff

With no end in sight to new vulnerabilities that appear in desktop applications, web services, operating systems and even network appliances, how can organizations safeguard their most sensitive data from attack?

How GRC Principles Measure Security and Accountability   
Information Systems Security
Philip Lieberman

The mismanagement of privileged passwords (also known as privileged accounts and privileged identities) is the tip of the iceberg of GRC, but an excellent illustrative point of why mandated GRC exists and when it does not, what the repercussions are. Effectively, the privileged password problem is related to the fundamental issue that most organizations provide: too much access, to too much data, to too many systems, for too long, with no accountability and no controls.   

Understanding Shared Account Password Management
TechNet Magazine
Chris Stoneff

The issue of shared account password management must be addressed. This means you should obtain a method of reliably and regularly changing your passwords. The solution must be scalable and flexible. It must also provide secured access to the passwords, and it needs to audit every action taken by the tool as well as every action taken by every user of the tool. In addition, the passwords generated need to be unique on every system in order to avoid a break-in due to shared account information.