Managing Vista’s User Account Control (UAC)

August 7th, 2007

The User Account Control (UAC) feature of Windows Vista has taken more than its fair share of ridicule since its introduction. The UAC prompt can pop up quite frequently, but it serves a purpose and it is possible to configure or alter its behavior without completely disabling it.

By default, all Administrators run in Admin Approval Mode. This means that even Administrator accounts operate with lower privileges most of the time, and they will see the UAC prompt if or when actual Administrator privileges are necessary.

There are settings within Group Policy that allow you to modify the behavior of UAC. The five settings are described briefly below.

Anonymous Web Surfing

June 27th, 2007

Somebody is Watching You


How would you feel if there were someone following your every move and keeping a written record of everywhere you go? Would it concern you that someone knew you were at the book store this morning for 2 hours and 13 minutes and that you bought 2 books and a large coffee? How about if they knew that after you left the book store you saw a movie, where you had a large popcorn, and then you went home to watch Seinfeld reruns and eat cold leftovers from your refrigerator?

The five basic goals of system configuration

December 20th, 2006

In an article by Bruce Byfield, Configuration: the forgotten side of security, I was one of several people interviewed about proactive security. In response to one question about best practices for configuring UNIX systems, I provided five goals that I use in building systems. I did not think that it would be included in the article or even a section.

Here are the goals:

1) Build for a specific purpose and only include the bare minimum needed to accomplish the task.
2) Protect the availability and integrity of data at rest.
3) Protect the confidentiality and integrity of data in motion.
4) Disable all unnecessary resources.
5) Limit and record access to necessary resources.

These goals are intentionally generic. The specifics of implementation vary based on the operating system and software used. There are many security configuration guides available for every operating system. The problem is that these documents become outdated quickly. (I am intimately familiar with this problem, having written one for Solaris [PDF] and updated it three times.) Having a generic set of goals helps guide the implementation regardless of the systems and software used.

SPAM: It’s a Security Thing

December 8th, 2006

SPAM is a security issue. Why? Well, it drains away precious organizational resources. It reduces worker productivity by increasing time spent handling messages, slowing messaging services, and inhibiting users from using electronic communication. SPAM increases the cost of doing business when effective use of electronic communication should be lowering the costs. SPAM has moved from an email problem to a problem that affects instant messaging, SMS messaging, blog comments, chat forums, newsgroups, online games, and wikis. The direct costs come from SPAM filtering services and software, hiring technicians to deal with the SPAM problem, deploying additional equipment to deal with the increasing amounts of SPAM, and purchasing additional network bandwidth and storage capabilities to handle the increasing size of our inboxes. SPAM affects the availability of electronic communication services and inhibits an organization’s ability to conduct business efficiently. In my opinion, that makes it a security issue.

 