The more times a user is logged in to the network, the harder it is to determine if that user is really the person who logged in.
Limiting the number of concurrent connections to two or even one makes tracking users’ network access easier and provides an additional level of security by reducing the number of logged in but unattended workstations.
Administrator accounts, in particular, should have limited concurrent connections. If an administrator should receive a denied login due to a current connections limit he would immediately know that his account had been compromised, or that another login had been inadvertently left active.
—Protecting Your Network Against Known Security Threats (Novell Research)
Prevent/limit concurrent logins to your Windows network using UserLock
According to several recent studies, the most costly or damaging attacks against information systems are more often caused by insiders (employees or contractors with authorized access).
Taking this fact into account, we developed an enterprise software solution named UserLock, whose main goal is to protect Windows networks from careless and/or fraudulent users, thus efficiently mitigating insider threat.

UserLock allows IT security teams to:
- prevent or limit simultaneous logon (same ID, same password), per user or user group
- record all session logging and locking events in an ODBC database (Access, SQL Server, Oracle, MySQL,…) for future reference
- monitor user sessions in real time (who is connected, from which workstation(s), for how long…)
- remotely lock, logoff and reset all interactive sessions
- define working hours and/or maximum session time for protected users and disconnect users with prior warning outside of the defined timeframe(s) and/or when time is up
- restrict user group’s network access per workstation or IP range
- notify all users prior to gaining access to a system with a tailor-made warning message (legal disclaimer, etc.)
- …
More than 750,000 UserLock licenses are already in use by worldwide security-demanding organizations including:
BAE Systems, Banco de Costa Rica, Barclays Bank, BMW, Computer Sciences Corporation, Frito-Lay, Lockheed Martin, Mitsubishi, National Bank of Kuwait, South Wales Police, Telcel, United Nations Organization, US Department of Justice, US Department of Veterans Affairs, US Navy Marine Corps, TimeWarner, …
You will find information about UserLock on our website and this whitepaper will provide you with further details about holes in Windows native login controls and how UserLock fills them in and helps organizations to comply with major regulatory constraints (HIPAA, SOX, PCI, NISPOM, DCID 6/3 - ICD 503, GLBA, US Patriot Act, FISMA…).
Get your free, fully-functional, 180-day copy of UserLock
IS Decisions is an innovative and rapidly growing international software vendor, specializing in Security and Change Management solutions for Microsoft Windows-based infrastructures, headquartered in Biarritz (France).

Our work environment suits action-oriented people:
- with initiative to take on tasks and grow with the job as roles and requirements expand,
- who have a passionate, entrepreneurial spirit and enjoy working in a team environment with a positive “get the job done” attitude.
IS Decisions’ client base includes world class companies such as:
Airbus, Alcatel, American Express, AXA, Bank of Tokyo, Boeing, Ernst & Young, Glaxo Smithkline, Hewlett-Packard, HSBC, Konica, IBM, Lockheed Martin, L’Oréal, Mitsubishi, ONU, Siemens, Smurfit Stone, Time Warner, US Department of Justice, US Air Force, US Army, US Navy, Virgin, …
IS Decisions is currently seeking its International Business Development Manager:
Responsibilities
You will:
- Sell software solutions to medium and large accounts worldwide
- Lead, motivate, manage and develop our Sales Team
- Manage and develop our international partners’ network
- Contribute to our marketing strategy
- Directly report to our CEO
Skills requirements
- English as first language and fluency in French
- 5 years minimum experience in a similar position (Microsoft technological environment)
- Solid technical understanding of Microsoft Windows platforms (large accounts)
- Outstanding relationship building skills with a high degree of responsiveness and integrity
- Strong verbal and written communication skills
- Proficient with Microsoft Office (knowledge of Microsoft Dynamics CRM 4.0 a plus)
Benefits
- Highly competitive salary (to be negotiated, based on experience and indexed on performance)
- Supportive and cool office environment
- Great benefits package
- Outstanding geographic location (5 minutes from the Basque Coast beaches)
Success criteria
- Your primary objective is to meet or exceed quota
- You get things done within the context of what exists and work constructively to build upon it
- You are an energetic, upbeat, team player
If you are interested in this position, please send (under reference W3/IBDM) detailed resume, photo, cover letter with salary requirements and date of availability by Email to jobs [at] isdecisions.com or to:
IS Decisions
Ressources Humaines
Technopole Izarbel
BP 12
64210 BIDART (France)
CERT, Carnegie Mellon University Software Engineering Institute’s center for conducting and coordinating information security research, has released the Common Sense Guide to Prevention and Detection of Insider Threats, Version 3.1.

This valuable, insightful document (PDF - 88 pages) provides a comprehensive range of best practices to mitigate insider threat. UserLock, our software solution to secure access to Microsoft Windows-based networks, can greatly help in implementing a large part of them.
CERT BEST PRACTICE 2: Clearly document and consistently enforce policies and controls
“A consistent, clear message on organizational policies and controls will help reduce the chance that employees will inadvertently commit a crime or lash out at the organization for a perceived injustice.”
UserLock allows notifying all users prior to gaining access to a system with a tailor-made warning message.
These messages can for example include:
- a tailor-made legal disclaimer, including acceptable use of organization’s systems, information, and resources
- last workstation logged on
- date and time of last successful logon
- history of all logons denied by UserLock and Windows since last successful logon
- number of logons denied by UserLock and Windows since last successful logon.
CERT BEST PRACTICE 4: Monitor and respond to suspicious or disruptive behavior
“One method of reducing the threat of malicious insiders is to proactively deal with suspicious or disruptive employees.”
UserLock allows real time session surveillance and monitoring; at all times, a system administrator knows who is connected, from what workstation(s), since when… and can remotely lock, logoff and reset all sessions, either from the administration console or the Web interface.
CERT BEST PRACTICE 7: Implement strict password and account management policies and practices.
“If the organization’s computer accounts can be compromised, insiders can circumvent manual and automated control mechanisms.”
UserLock allows:
- simultaneous logon (same ID, same password) limitation or prohibition, per user or user group, thus reducing the ability of users to share their credentials and preventing accountability and non-repudiation issues.
- defining working hours and/or maximum session time for protected users. Outside of this (these) timeframe(s) and/or when time is up, users will be disconnected with prior warning.
- user group’s network access restriction per workstation or IP range. By doing this, users can be limited to their own workstation, department, floor, building…
CERT BEST PRACTICE 12: Log, monitor, and audit employee online actions
“Logging, monitoring, and auditing can lead to early discovery and investigation of suspicious insider actions.”
As seen above, UserLock allows real time session surveillance and monitoring, but it also records all session logging and locking events in an ODBC database (Access, SQL Server, Oracle, MySQL …) for future reference.
Reports can be generated automatically at regular intervals, in order to update an Intranet Web site or to be sent by email.
UserLock provides predefined reports, including:
- Session History: Comprehensive session list (logon, lock, logoff instances, users, domains, workstations…)
- Session Statistics: Displays for a given user and period, total sessions, total connection time, average time per session, per worked day or per week.
- User Sessions: Instantaneous view of all user sessions at display time.
CERT BEST PRACTICE 14: Deactivate computer access following termination
“It is important to follow rigorous procedures that disable all access paths into the organization’s networks and systems for terminated employees.”
With UserLock, an administrator can within seconds remotely lock, logoff and reset all sessions, either from the administration console or the Web interface.
Windows native features will indeed not prevent an employee from logging on to his/her workstation even if his/her account has been disabled and deleted…
In-depth information in our whitepaper “Eight Holes in Windows Login Controls”
Detailed information about UserLock and free, fully-functional 180-day trial version
Our software solution FileAudit has just been mentioned in an article titled “10 ways to make sure your data doesn’t walk out the door”, written by Deb Shinder and published on the TechRepublic website.
This article provides an up-to-date look at critical areas of concern when it comes to preventing data theft perpetrated by insiders.

Among other useful advice, Deb Shinder recommends using third-party auditing solutions that can audit file access across multiple storage sites and mentions FileAudit.
From its own console or with a simple right click in Windows Explorer, FileAudit indeed instantly provides IT Security teams with an error ridden and comprehensive list of:
- read/write accesses
- appropriation attempts (accepted or denied)
- permission modification attempts (accepted or denied)
each record detailing:
- the user
- the domain
- the date and time of connection and disconnection
for:
- a file
- a selection of files
- a folder and subfolders
- a selection of folders and subfolders
FileAudit is officially compatible with Windows 7 and can also:
- be scheduled to automatically archive into a database, at regular intervals, the access events occurring on one or more Windows systems for permanent storage.
- display file/folder access history in a printable report that can be scheduled to run automatically.
- export generated results in ASCII format, allowing their use in view of an audit or for subsequent analysis and control.
Download a free, 30-day fully-functional copy of FileAudit
We just created a new set of ads to promote our Security and Change Management software solutions for Microsoft Windows-based infrastructures.
And we’d really enjoy getting your feedback (good or bad) about them.
So please leave a comment or tweet us!
- UserLock secures access to Windows networks, comprehensively reports on user sessions and efficiently mitigates insider threat:

- FileAudit monitors, archives and reports on accesses (or access attempts) to sensitive data stored on Microsoft Windows systems:

- WinReporter audits and reports on all Windows assets (hardware, software, settings, eventlogs) across the entire corporate network:

- RemoteExec performs remote installations, updates and system actions on all Windows systems across the entire corporate network:

We use UserLock - really like it … On top of restricting the students to one login.
A while back we strongly suspected that a staff account had been compromised and via UserLock had it set to email me as soon as this member of staff signed in anywhere …
Needless to say the student was caught red handed whilst sat there looking at “applying personal settings” waiting for the staff desktop to appear!
— Quoted from a System Administrator (and a UserLock customer) in a British University (in Edugeek Forums)
IS Decisions just released RemoteExec 4.05, the latest version of our software solution designed to remotely perform installations, updates and system actions on Microsoft Windows servers and workstations.
This security update resolves a Secunia reported vulnerability in RemoteExec 4.04 (and prior versions) that could be exploited to cause a stack-based buffer overflow by tricking a user into loading a “.rec” (RemoteExec Computers List) file having an overly long line (e.g. of 9000 characters).

Even though .rec files are not associated with RemoteExec, an administrator might still be tricked into loading a malicious “.rec” file, or a normally trusted “.rec” file could be altered if hosted in a compromised environment.
The requirement for user interaction and the trust factor significantly lower the criticality of the vulnerability, but they do not completely eliminate the risk.
We therefore strongly advise RemoteExec users to update their RemoteExec licenses as soon as possible.
RemoteExec 4.05 can be downloaded from IS Decisions website.
We wish to express our sincere thanks to Secunia and Parvez Anwar for helping us keep our software solutions secure.
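The defect class described in this advisory, a line longer than the buffer that receives it, is avoided by bounding every read and rejecting whatever does not fit. The C example below is added here and is not RemoteExec code: the one-entry-per-line layout, the 256-byte ENTRY_CAP, the function names and the sample host names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define ENTRY_CAP 256  /* assumed limit for one entry; not a RemoteExec value */

/* Read one entry into out[cap]. Returns 1 = accepted, 0 = line too long
 * (rejected and skipped to its end), -1 = end of file. */
static int read_entry(FILE *fp, char *out, size_t cap)
{
    if (fgets(out, (int)cap, fp) == NULL)  /* never writes past out[cap-1] */
        return -1;
    size_t n = strlen(out);
    if (n > 0 && out[n - 1] == '\n') {
        out[--n] = '\0';                   /* complete line: drop the newline */
    } else {
        int c = fgetc(fp);                 /* buffer filled without a newline */
        if (c != EOF && c != '\n') {       /* more data follows: too long */
            while (c != EOF && c != '\n')
                c = fgetc(fp);             /* discard the rest of the line */
            out[0] = '\0';
            return 0;
        }
    }
    if (n > 0 && out[n - 1] == '\r')
        out[n - 1] = '\0';                 /* tolerate CRLF line endings */
    return 1;
}

/* Constructed input: two host names around one line of long_len 'A's.
 * Returns the number of accepted entries and stores the rejected count. */
static int load_sample(size_t long_len, int *rejected)
{
    char entry[ENTRY_CAP];
    int accepted = 0, rc;
    FILE *fp = tmpfile();
    if (fp == NULL) return -1;
    fputs("SRV-FILE01\n", fp);
    for (size_t i = 0; i < long_len; i++) fputc('A', fp);
    fputs("\nWS-ACCT-042\r\n", fp);
    rewind(fp);
    *rejected = 0;
    while ((rc = read_entry(fp, entry, sizeof entry)) != -1)
        if (rc == 1) accepted++; else (*rejected)++;
    fclose(fp);
    return accepted;
}

int main(void)
{
    int rej, ok = load_sample(9000, &rej); /* 9000: the length quoted above */
    printf("accepted=%d rejected=%d\n", ok, rej);
    return 0;
}
```

The overlong line is dropped as a whole rather than truncated, so a partial entry is never handed to the rest of the program.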
PC Mag has just reviewed UserLock, our software solution that secures access to Windows networks, comprehensively reports on user sessions and efficiently mitigates insider threat.
This in-depth review was performed by Samara Lynn, Network Analyst, and published on March 12, 2010.

We cannot resist the pleasure of quoting some extracts from this review:
- BOTTOM LINE: it’s an impressive product
- Takes away pain using Group Policy for user account control. Intuitive interface. Easy install.
- UserLock efficiently and quickly handled restricting users from network access
- Windows administrators will feel right at home here.
- At a price of $10.50 USD per user session, (the price goes down as the amount of user session licenses purchased goes up) it won’t break the bank, either.
- Setup’s a cinch
- Adding a user account is as easy in UserLock as it is to give folder permissions to a user in Windows.
- The big advantage of UserLock though, is its simplicity.
- More important, [UserLock] aids in shoring up network security.
- Overall, UserLock is a solid tool that any Windows Network Administrator should consider adding to their network management toolkit if tight user access control is mandatory for their organization.
Read the full review in PC Mag
Get a free, fully-functional, 180-day copy of UserLock
Introducing Windows Server 2008 R2, by Charlie Russel and Craig Zacker with the Windows Server Team at Microsoft, can be downloaded here.

Here is the book’s Content at a Glance:
Introduction
Chapter 1 What’s New in Windows Server R2
Chapter 2 Installation and Configuration: Adding R2 to Your World
Chapter 3 Hyper-V: Scaling and Migrating Virtual Machines
Chapter 4 Remote Desktop Services and VDI: Centralizing Desktop and Application Management
Chapter 5 Active Directory: Improving and Automating Identity and Access
Chapter 6 The File Services Role
Chapter 7 IIS 7.5: Improving the Web Application Platform
Chapter 8 DirectAccess and Network Policy Server
Chapter 9 Other Features and Enhancements
Index