Saturday, August 28, 2010

Location services pose huge security risks

Interesting article in USA Today regarding this topic. What interested me about the article were the two real-life stories associated with it:
Sylvia was dining out with a friend. The restaurant manager interrupted her dinner to tell her she had a phone call. It was from a complete stranger who tracked her online. He had described her to the manager.
Louise was at a bar with colleagues. A stranger began talking to her. He knew a lot about her personal interests. Then, he pulled out his phone and showed her a photo. It was a picture of Louise that he found online.
Both of these stories are true. And they're very unnerving. There is also a common thread. The women were tracked by something known as "geotagging."
Kim Cameron and others have been blogging about the privacy of location information – especially in light of the revelations about the Google street view service. This article brings down to earth exactly what the abuse of this information can lead to.


Monday, August 09, 2010

Is IAM relevant to the Business?

This is a really important question. And by business I mean your business, your employer. Or is IAM simply something that makes the IT administrators’ and auditors' lives easier? This question will be addressed at this fall’s Gartner Identity & Access Management Summit 2010, November 15 – 17, in San Diego. I cut/pasted a couple of questions and answers from Ray Wagner’s discussion on key trends in IAM – emphasis is mine. I’m willing to bet many organizations are still at the lowest level of maturity. You may have automated some processes, but are you relevant to the business?

Q: The theme of this year’s conference—Transforming IAM: The New Business Intelligence Connection—is something of a departure. Why?
RW: Maturity is beginning to happen for many organizations. Now it’s time to talk about the next step. Once you have a set of well-documented processes and a mature infrastructure in place, you can begin to look at ways to utilize that infrastructure to generate more value for the organization. IAM and business intelligence are closely linked. What can an organization do with the output of its IAM systems? The reporting and intelligence that go along with providing access and control to individuals can be extremely useful in making business decisions.
We’ll also cover the foundations of IAM, technologies, current trends and the IAM marketplace at the conference, because there’s still a long way to go for most organizations to attain maturity. We’ll look at how to create the IAM program, including governance, project management, architecture and technologies, and do workshops to assess where you are in the maturity cycle. But we’ll also take a close look at what a modern and mature IAM infrastructure can bring to the business beyond the obvious.

Q: What changes need to be made to start leveraging IAM for business intelligence?
RW: Organizations don’t need to make big changes, given that they are cognizant of the IAM maturity cycle and their place in it. They need to reach a medium- to high-level of maturity. At that point, you can start using IAM to drive business intelligence, and that’s where things get interesting. However, maturity is something all organizations need to work on. At the lowest level, you may not have an identity team and your processes may still be completely ad hoc. If so, you’ll benefit from formalizing your IAM processes and then looking at ways to streamline them, in particular at technologies that will give you more insight into your IAM operations and what they mean for the business. Only at that point can you get the benefits we’re talking about with BI.
Not everyone is ready to start doing BI with IAM today. However, there’s no question that a mature IAM program can contribute to BI and business initiatives in a positive way. It’s time to start thinking about it and getting ready for it.

Friday, August 06, 2010

Tax collector accessed private files for gain

This story, from the Vancouver Sun, goes to show you that we don't do enough to protect our computer files and systems. Just because you have authenticated to a computer doesn't mean you are authorized to poke around the file system. In this particular case, it's clear that the Canadian federal agency - the equivalent of the IRS - doesn't have proper software controls in place; otherwise they would have caught this thief earlier.

What's even more worrisome to me is that the thief's name hasn't been released nor has a criminal investigation been kicked off.


Tuesday, August 03, 2010

Quest Software Introduces the Next Generation of Active Directory Bridge Technology

We officially announced the 4.0 release of Quest Authentication Services today:

Quest Software, Inc. (Nasdaq: QSFT) introduces the next generation of Active Directory Bridge Technology with the newest version of Quest Authentication Services. This patented technology allows Unix, Linux, and Mac systems to act as full citizens within Active Directory by enabling administrators to extend the authentication, authorization and administration infrastructure of Active Directory to the rest of the enterprise.
New benefits of Quest Authentication Services include:

Auditing and Alerting
  • Enables administrators to audit, report and alert on users who make changes to critical Unix data stored in Active Directory
  • Gives full visibility and change alerting into who made changes, to what, when, where, and even why
One-time Password Authentication
  • Provides an additional layer of out-of-the-box security requiring Active Directory users to use a one-time password to authenticate to any and all Quest Authentication Services-supported Unix systems
  • Integrations include two-factor group policy support, and hardware and software tokens
Web Console
  • Ties identity related tasks together for a centralized point of identity management for Unix that can be run from any Unix, Linux, Windows, or Mac platform, and any of the most common browsers
  • Provides administrators with simplified deployments, expands management to local Unix users and groups, and offers granular reports on key data and attributes with easy-to-use access over many of the deeper functions only available through Authentication Services
Advanced Group Policy Management
  • Provides macro support, which enables a single GPO to be re-used across multiple Unix systems
  • Offers additional Mac OS X Group Policy support
Enhanced Privileged Account Management
  • Provides control over security initiatives to determine which users can access which system, and what elevated rights they have in Unix systems
If you're interested in taking a look at QAS 4.0 you can download your trial version here:

Monday, August 02, 2010

Deploying QAS remotely – no more sneaker net!


One of the things that QAS customers will appreciate in the new Quest Identity Manager for Unix console is that QIMU can be used to deploy the QAS agent on a *nix box remotely. No more need to script, visit or otherwise figure out how to deploy the agent. In addition to remotely installing the agent, you also have the ability to check the Active Directory readiness of the targeted machine. This really simplifies the installation of the agent by double-checking all of the settings on that remote host to ensure that QAS can be successfully deployed and started.

I’ve already heard from a number of customers who have used QIMU to deploy, test and put QAS into production all without technical help from a consultant!