April 2017 Digital Edition

Click Here

March 2017 Digital Edition

Click Here

Feb. 2017 Digital Edition

Click Here

January 2017 Digital Edition

Click Here

Nov/Dec 2016 Digital Edition

Click Here

Oct 2016 Digital Edition

Click Here

Technology Sectors

Market Sectors

OPINION / The support security bubble

By Nathan McNeil

If there is anything we should have learned from the economic debacle of the last two years, it is that the status quo is not safe. And yet we continue building upon it until right past the point of collapse. It has happened time and again in our markets, and it is happening in IT support as we speak.

For many years, IT support in both the public and private sectors has been concerned with securing others; making sure that each new employee is properly locked down and firewalled. However, little attention has been given to securing IT support itself, and in particular, securing the essential tools of the support trade: remote access and remote control.

Without these tools, many federal agencies would grind to a halt, no longer able to leverage a limited support staff across a distributed user base. And yet when the Verizon Business RISK team investigated over 500 actual data breaches between 2003 and 2007, they found that, “In over 40 percent of the breaches investigated during this study, an attacker gained unauthorized access to the victim via one of the many types of remote access and control software.”

Verizon went on to say: “IT administrators were responsible for more data compromises than any other insider role.”
 
It needn’t take a catastrophic security breach to pop our perception of safety. As with other bubbles, a return to the fundamentals offers a way out before the inevitable burst. An April 2009 report by Gartner, entitled PC Remote Control Security: Risks and Recommendations, offers a few practical but rarely practiced recommendations:

“Include at least one additional user authentication challenge to strengthen remote control access against attacks.”

“Block forbidden PC remote control tools using group policy objects or application control tools.”

“Build a list of unsupported remote control tools, and add them to scans for inventory, vulnerability and intrusions.”

“Do not select tools that rely on a publicly accessible directory system; instead, bring the directory system in-house.”

Perhaps the most important recommendation Gartner makes, however, doesn’t seem to relate directly to security: “Create a strategic vision for the use of remote control.”

A strategy, though, is vital if you hope to deflate the bubble gradually, rather than let the irrational exuberance of the status quo lure you one small step past the bursting point.


As VP of product strategy, Nathan McNeill is responsible for aligning Bomgar technology with the needs of Bomgar's 5,000+ customers. He can be reached at: [email protected]

 

Recent Videos

HID Global is opening the door to a new era of security and convenience.  Powered by Seos technology, the HID Mobile Access solution delivers a more secure and convenient way to open doors and gates, access networks and services, and make cashless payments using phones and other mobile devices. ...
Mobile device forensics can make a difference in many investigations, but you need training that teaches you how to get the most out of your mobile forensics hardware and software, and certifies you to testify in court. Read this white paper to learn how to evaluate mobile forensics training...
PureTech Systems is a software company that develops and markets PureActiv, its geospatial analytics solution designed to protect critical perimeters and infrastructure.  Its patented video analytics leverage thermal cameras, radars and other perimeter sensors to detect, geo-locate, classify, and...
PureTech Systems is a technology leader in the use of geospatial video, focusing on perimeter security.  When combining geospatial capabilities with video analytics and PTZ camera control, managers of critical facilities can benefit by allowing the video management system to aid them in the process...