Warning: Do Not Access (Pretty Please?)

I just read an article over at Dark Reading that made me laugh, and almost cry at the same time. An employee at the Defense Department was just arrested for accessing unauthorized data. And how did he gain access? By using a password that he received in order to access another classified message that he had authorized access to. Despite automated security warnings (that the employee ignored, and didn’t even bother to read), the employee was able to access the classified data on two separate occasions.

So what’s wrong with this picture? Two words: Least Privilege. Why does a privileged identity have unrestricted access? The password that the employee was provisioned with should only have allowed him access to data that he had legitimate access to and nothing else. On top of that, there should be some type of attestation to verify the access rights of these privileged accounts.

It’s laughable to think that warning messages were the only thing that stood between the employee and the classified data. You could make the argument that he shouldn’t have been snooping into the restricted area in the first place, but that would just plain be naïve. Let’s face it; access policies are put in place to protect data owners from this sort of thing, and to protect employees from themselves! Looks like the Defense Department needs to review their access management a bit.
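The difference between a warning and an enforced policy, plus the attestation check mentioned above, as an added example (not code from the Dark Reading article or from any real system). The account name, message IDs and function names are made up for illustration.

```python
# Constructed sample data: what the data owner approved for each account
# versus what the issued credential actually opens.
APPROVED = {"analyst1": {"msg-1001"}}
PROVISIONED = {"analyst1": {"msg-1001", "msg-2002", "msg-3003"}}


def warn_only_access(user, resource, log):
    """The failure mode from the post: a warning is logged, access still works."""
    if resource not in APPROVED.get(user, set()):
        log.append(f"WARNING {user} is not authorized for {resource}")
    # The decision depends only on what the credential can open.
    return resource in PROVISIONED.get(user, set())


def least_privilege_access(user, resource, log):
    """Deny by default: only resources the owner approved are readable."""
    allowed = resource in APPROVED.get(user, set())
    if not allowed:
        log.append(f"DENY {user} {resource}")
    return allowed


def attestation_review(approved, provisioned):
    """Return, per account, entitlements that exist but were never approved."""
    findings = {}
    for user, granted in provisioned.items():
        excess = granted - approved.get(user, set())
        if excess:
            findings[user] = sorted(excess)
    return findings


def revoke_excess(approved, provisioned):
    """Return a new entitlement map trimmed to what was approved."""
    return {user: granted & approved.get(user, set())
            for user, granted in provisioned.items()}


if __name__ == "__main__":
    log = []
    print("warn-only:", warn_only_access("analyst1", "msg-2002", log))
    print("enforced: ", least_privilege_access("analyst1", "msg-2002", log))
    print("review:   ", attestation_review(APPROVED, PROVISIONED))
    print("log:      ", log)
```

Running the review on a schedule, and having the data owner sign off on whatever it leaves in place, is what turns a one-time cleanup into attestation.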

Tips on Working Remotely [Link]

It’s been a good while since my last post, so I figured I’d avoid fulfilling the duty by linking to an article written by one of my heroes, Gina Trapani.

In our line of work, working remotely and staying productive is a must. But at the same time, it’s also very easy to get engrossed in that work and become reliant on quick emails or IMs to communicate. Gina suggests setting up regular voice or video chat check-ins to get some voice or face time with coworkers and clients alike. Check out Gina’s article over at the Harvard Business blog:

Master the Art of Working Remotely

On My Way To Converge 2009

I’m currently on a train, riding up to attend Converge 2009 hosted by Courion. This year, Courion will be introducing the concept of Access Assurance and how it ties to user provisioning, password management, access compliance and role management. What’s your organization’s need for Access Assurance? Here’s one of the reasons:

In today’s climate of economic uncertainty, organizations more than ever need a comprehensive approach to access governance, provisioning and compliance management that will increase operational efficiency and transparency, strengthen security, and improve compliance – all while delivering quick time to value and the lowest total cost of ownership.

Oracle – Not One to Rest on its Laurels

Looks like more acquisition news coming from Oracle. Hot on the heels of their industry-shifting acquisition of Sun, Oracle just announced the purchase of Virtual Iron. The deal is expected to close this summer.

Launched in 2001 as Katana Technology, Virtual Iron is a virtualization software maker. The company’s main target has been small and medium-sized enterprises.

What does this mean for the top three in the virtualization software industry? VMware, Citrix, and Microsoft will definitely feel the pressure as Oracle will be benefiting from Virtual Iron’s expertise and resource management tools.

Oracle and Virtual Iron

Oracle Puts Sun In Its Pocket

This morning, a piece of news hit me like a stack of bricks: Oracle will acquire Sun for approx $7.4 billion.

We can surmise that Oracle was licking its chops just thinking about MySQL complementing Oracle’s database business. Another huge gain for Oracle is Java, which is what Oracle based their middleware strategy on.

This being an identity management blog, I need to put the question out there. What are the ramifications of this acquisition in the identity space? Is Oracle now the official big man on campus? Has this effectively strengthened Oracle’s weakness in their Identity Management offering (mainly role management)?

Identity Access Management 2.0

Check out Symplified’s upcoming webcast to learn about how Services 2.0 and SaaS security are coming together to revolutionize identity and access management.

Date: Friday, Jan 16th

Time: 1:00PM EST / 10:00AM PST

Duration: 1 hour

Next-generation approaches to provisioning, access management and SSO are redefining IAM

Mount and Unmount ISO Files on Linux

Need access to files in an ISO on your Linux machine? Simply use the mount command to mount that ISO as a directory.

First create a directory to mount the ISO to. In this example, we’ll create the directory in the /mnt directory. Make sure you’ve got write permissions on the directory where you’ll be creating the new directory.

mkdir /mnt/SomeISO

Now you can mount the ISO onto the newly created directory:

mount -o loop -t iso9660 /tmp/some.iso /mnt/SomeISO

That’s it. You can now navigate to the directory (cd /mnt/SomeISO) to access the files in the ISO you just mounted.

To unmount the ISO, use the umount command:

umount /mnt/SomeISO

Ctrl+Alt+Delete Through Terminal Services

How do you send the ctrl+alt+delete command to a machine that you’re remotely connected to through Terminal Services or Remote Desktop? Simply hit ctrl+alt+end and this will send the ctrl+alt+delete command to the remote machine.

Who Will Own Your Online Identity?

And the battle for your online identity heats up! In the blue corner: Google Friend Connect. In the red corner: Facebook Connect. These new services allow websites to add social features to their site, allowing viewers to sign in and interact without having to create a user or account on that website. Will Google or Facebook succeed where OpenID could not?

Software Tools To Be Thankful For

In the spirit of today’s holiday, I figured I would run down a list of software tools that make an identity management implementation that much easier.

SSIS [Windows]
Whether it’s sanitizing, organizing, or just moving large amounts of data, this tool does it all and more.

Notepad++ [Windows]
This super text editor is a must have for anyone who does light or even heavy coding. One great feature that this editor offers is the ability to display text in different coding languages such as SQL or VB, which makes coding a whole lot easier on the eyes.

Grep [Linux]
A lean, mean, command line tool used to search for string patterns or regular expressions in text files. There’s no doubt that grep is one of the most powerful *nix commands in your command line arsenal.

VMware Server (or virtualization in general) [Linux, Mac, Windows]
Set up a virtual environment, do some testing, then blow it all away. Check out my thoughts on the new VMware Server 2.0.

There’s a wealth of information out there on the web, especially code. When you’re on an implementation, the last thing you need eating up your time is having to reinvent the wheel. Google it!

Have any tools that you’re thankful for?