Our 4 software solutions have been nominated for the 2011 Windows IT Pro Community Choice Awards.
You use and appreciate them? Please help us creating awareness about our innovative Infrastructure & Security Management solutions for Microsoft Windows by voting for them before September 7th (it will only take 2 minutes of your time)!
- UserLock
UserLock limits concurrent logins, restricts access, monitors, alerts and reports on session activity throughout the corporate Windows network.
Nominated in category #22: Best Security Product
- RemoteExec
RemoteExec remotely installs applications, executes programs/scripts and updates files and folders on Windows systems throughout the network.
Nominated in category #6: Best Deployment/Configuration Product
- FileAudit
FileAudit monitors, archives and reports on access (or access attempts) to sensitive files and folders stored on Microsoft Windows systems.
Nominated in category #3: Best Auditing & Compliance Product
- WinReporter
WinReporter retrieves detailed information about hardware, software and security settings from Windows systems and automatically generates reports.
Nominated in category #25: Best Systems Monitoring Product
You can also show your appreciation for the great job performed by our dedicated Technical Support Team by voting for IS Decisions as “Best Vendor Tech Support” (category #30).
Cast your vote now and thank you in advance for your valued support!
The article below is a guest post by our US partner Information Systems Laboratories). ISL offers a wide range of services to help companies implement or improve a corporate cyber/information security program, including independent IT security evaluations, threat and vulnerability analysis and incident response plans.
ISL has entered a partnership with IS Decisions, as they recognize UserLock and FileAudit as efficient software solutions to implement FISMA/NIST compliance for 3 key NIST 800-53 control families:
- Access Control (AC)
- Identification and Authentication (IA)
- System and Information Integrity (SI)
UserLock limits concurrent logins, restricts access, monitors, alerts and reports on session activity throughout the corporate Windows network.
FileAudit monitors, archives and reports on access (or access attempts) to sensitive files and folders stored on Windows systems.
Hope you enjoy the article and I look forward to your comments,
François AMIGORENA
President & CEO
In the United States, FISMA Compliance is a matter of national security. To elevate its importance, all federal agencies are given an annual – and very publicly available – grade based on the effectiveness of their IT security programs. As a further incentive, if after failing a compliance assessment, in addition to the publication of your failing grade, your CIO may be greeted with a congressional hearing. If that is not enough, after the hearing, the Office of Management and Budget (OMB) may just cancel or delay funding of your government programs - none of which would be considered welcome news nor career-enabling.
Whether you work for a corporation or government agency, the importance of ensuring your data is safe goes without saying. In fact, the larger your corporation, the government places more importance on your data, thus moving you closer to the same requirements government agencies have.
The Federal Information Security Management Act (FISMA) was devised to assist agencies and departments of the federal government in securing their data. Chief Information Officers (CIOs), Inspectors General (IGs) and officials of government programs are required to conduct annual reviews of their information security program and report their findings to the Office of Management and Budget (OMB). The OMB then reports to Congress on each agency’s compliance. The annual report also must include an independent cyber security evaluation
As an agency of the U.S. Department of Commerce, the National Institute of Standards and Technology (NIST) has developed a set of controls and guidelines supporting FISMA which Federal agencies and organizations supporting them must follow.
The 18 control families and their 205 respective controls covered by NIST 800-53 encompass everything from physical security to information systems security to spam prevention and has been designed to work for any organization - as long as the controls are selectively chosen and implemented. For the cyber security novice, though secure, implementing all the controls to their fullest extent would not only be prohibitively expensive but would severely cripple the organization’s ability to function efficiently which is in direct conflict to the purpose of these controls. The intent is to take a calculated risk-based approach to security by implementing just the right amount of controls. Doing so not only saves money, but also helps to improve your organization’s operational efficiencies. Maximizing these benefits is where the assistance of trained Cyber Security professionals is critical. The best Cyber Security Evaluation companies are those who take the necessary time to learn your environment and processes to ensure the optimum controls are selected and adhered to.
Below are some of the points contained within each of the control families. For a complete view into each control, we recommend ISL’s Cyber Security Search Engine.
Control: 22 | Class: Technical
The 22 controls making up this family provides security guidance with a focus on access control-based policies and procedures, remote access, access control lists (ACL), etc. helping to ensure access to physical and computer-based information systems are restricted to authorized individuals only.
Access Control: a system which enables an authority to control access to areas and resources in a given physical facility or computer-based information system.
Control: 5 | Class: Operational
The intention of these 5 controls is to ensure a Security Awareness and Training policy is established along with its respective procedures and sufficient security awareness training programs are employed.
Awareness: Activities which seek to focus an individuals attention on an (information security) issue or set of issues.
Training: strives to produce relevant and needed (information) security skills and competencies. The most significant difference between training and awareness is that training seeks to teach skills, which allow a person to perform a specific function, while awareness seeks to focus an individuals attention on an issue or set of issues.
Control: 14 | Class: Technical
The purpose of this set of 14 controls is to have the organization identify, audit, track and report on particular events that could be a security risk.
Audit: Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures.
Accountability: The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity.
Control: 7 | Class: Management
This set of 7 controls ensures the organization has a Security Assessment Plan which specifies the included controls and enhancements, their procedures and the selection of an independent assessment team to conduct an impartial assessment. In the event the assessment is conducted by an internal team (because the company is small for instance), the results of the assessment are to be reviewed and analyzed by an independent team of experts such as by ISL’s Cyber Security Evaluation team (Information Systems Laboratories).
Control: 9 | Class: Operational
The intent of these 9 controls is to ensure the organization has a Configuration Management policy and formalized procedures in place to establish baseline configurations, change control, security impact analyses, component inventory, etc. to help ensure changes to systems are tracked since even minor changes can have severe security implications.
Configuration management is unique identification, controlled storage, change control, and status reporting of selected intermediate work products, product components, and products during the life of a system.
Control: 10 | Class: Operational
Contingency planning for information systems is part of an overall organizational program for achieving continuity of operations for mission/business operations. Contingency planning addresses both information system restoration and implementation of alternative mission/business processes when systems are compromised.
Control: 8 | Class: Technical
Identification: An act or process that presents an identifier to a system so that the system can recognize a system entity (e.g., user, process, or device) and distinguish that entity from all others.
Authentication: A process that establishes the origin of information or determines an entity’s identity.
Control: 8 | Class: Operational
The 8 controls contained within this family guide the organization in the creation of a incident response policy and procedures to assist the proper response to an incident that may jeopardize the organization’s information system.
Control: 6 | Class: Operational
The intent of these 6 controls is to have the organization develop a System Maintenance Policy and supporting procedures to ensure the organization schedules, documents and reviews all maintenance and repairs of systems; uses approved maintenance tools; employing strong identification and authentication for remote maintenance, etc. In other words, these are operations required to keep hardware, software, data, etc. in good working order.
Control: 6 | Class: Operational
The 6 controls within the Media Protection family is to ensure the organization creates a Media Protection policy and supporting procedures to ensure proper steps are taken to protect data and prevent unintentional access and loss.
Control: 19 | Class: Operational
The 19 controls within this family help to enforce measures to protect information systems from unauthorized physical access.
Control: 6 | Class: Management
This family of 6 controls encourages the development of a System Security Plan, online rules of behavior for employees along with a security planning policy and procedures.
Control: 8 | Class: Operational
The intent of the Personnel Security control family is to provide guidance in the hiring, security management and termination of employees.
Control: 5 | Class: Management
The Risk Assessment control family directs the organization in the creation of a Risk Assessment Policy and resulting procedures in order to assess the potential and magnitude of harm in the event of unauthorized access of information systems. In addition to the understanding of the potential risks, software and hardware solutions are implemented to help mitigate risk by identifying and addressing vulnerabilities.
Control: 14 | Class: Management
The System and Services Acquisition control family exists to ensure the budgetary means to support the ongoing security needs of the organization are established; systems are properly documented; software licensing is documented and enforced; peer-to-peer file sharing is not used to share unauthorized data or copyrighted material, etc.
Control: 34 | Class: Technical
The System and Communications Protection control family consists of 34 controls. However, this is a little misleading as 11 of the controls have been withdrawn leaving 23 active controls. The breadth of this control family covers topics such as the physical and/or logical separation of system management interfaces from user functionality; security from non-security functions of the system; the prevention of unauthorized transfer of information from a commonly shared resource such as system memory; the protection of systems from Denial of Service attacks (DoS attacks); even the priority of system resources is called into question to ensure low priority services don’t negatively impact those of a higher priority.
Control: 13 | Class: Operational
Some of the purposes behind the 12 controls within the System and Information Integrity control family are to identify, report and correct flaws in code including proper error handling; protection from malicious code such as viruses, Trojans, and spyware; monitoring of systems; the reception and reaction to internal and external security alerts; detection of unauthorized changes to data and software; protection from spam and predicting and preventing the failure of systems.
Control: 11 | Class: Management
The 13 controls within the Program Management family directs the organization to develop an Information Security Program Plan, a process to ensure Plans of Action and Milestones (POA&M) are properly worked, etc.. Appointing a Senior Information Security Officer (SISO) or if your organization is a federal agency, a Senior Agency Information Security Officer (SAISO) are among some of the other directives to ensure the information security program is established and in working order.
Though this overview vastly simplifies the complexities and nuances of cyber security, we hope you have found this helpful. Should you have questions or would like to explore how your organization measures up to these and other controls, let us recommend our partner, Information Systems Laboratories (ISL).
Contact them if you are interested in receiving an Independent Cyber Security Evaluation.
You can also download free trial versions of UserLock and FileAudit from our website.
“It is almost never safe to download executable programs from peer-to-peer file sharing networks because they are a major source of malware infections.” — Brian Krebs on KrebsOnSecurity.com
We are pleased to announce the UserLock 6.0 Beta Testing Program.
UserLock limits concurrent logins, restricts access, monitors, alerts and reports on session activity throughout the corporate Windows network.
UserLock 6.0 is a major upgrade that comes with numerous new features and enhancements including:
- Time quotas: ability to define daily, weekly, monthly, etc. quotas.
- A third type of Protected Account: Organizational Units.
- Protection of IIS sessions (Ex: control access to Outlook Web Access or an Intranet).
- Ability to set the protected zone by selecting multiple computer Organization Units.
- Ability to define restrictions on workstations with computer Organizational Units.
- Audit and display session with local accounts.
- Specialized reports for RAS sessions (history, evolution and statistics).
- And more…
UserLock 6 beta will be ready in a couple of weeks. Would you like to test it?
Join our Beta Testing Program by filling out this online Web form.
We will share documents and resources and provide personalized technical support during your tests of the Beta.
Thank you in advance for your interest in UserLock 6.0!
Back in September 2010, Network World published an insightful article by Carolyn Duffy Marsan, titled «6 tips for guarding against rogue sys admins».
In this article, Carolyn underlined the fact that «one of the biggest threats that organizations face is losing sensitive data […] to theft from their own employees. The threat is greatest from systems and network administrators, who have privileged access to vast amounts of corporate data and are responsible for most compromised records in insider cases.»
Carolyn then described several practical steps IT departments can take to minimize the insider threat, including:
More easily said than done if you only rely on native Windows features. Windows lacks the fundamental and classic login session controls found in other environment like mainframe and midrange systems, UNIX and Netware.
UserLock comes in handy here, as this software solution allows CIOs to:
- limit or prevent concurrent logins to a Windows network, based on user, user groups or session types,
- restrict user access to the network with multiple criteria: workstations, time, business hours, and connection type,
- follow the session activity on the network in real-time and get detailed, graphical reporting,
- automatically receive popup or email alerts for specific events such as denied logins, successful logins and logoffs.
Here again, native Windows features are not really oriented to easily provide this functionality.
Imagine the following example:
A Sys Admin (let us call him John) is fired and knows that his dismissal is coming. John is logged on at 04:00 pm and at 04:05 pm the CIO disables and/or deletes his account. Guess what happens? John is still logged on to a workstation and connected to some servers. All he has to do is unlock the workstation, (typically workstations do not go and check unlock requests with the domain controller). The result is that John is still able to work on his desktop and local drives, even though his account has been disabled and deleted.
With UserLock, a CIO can remotely lock, logoff and reset all sessions immediately, from potentially anywhere using the Web interface.
When it comes to employees’ online behavior surveillance, two things are crucial:
Here again, native Windows features are not sufficient. System Admins are not able to answer the following questions in real time:
UserLock allows real time session surveillance and monitoring; at all times a CIO knows who is connected, from what workstation(s), since when…
To monitor access to an organization’s files and folders, standard Microsoft systems only propose manual event logs. This functionality leaves administrators with hundreds or even thousands of events to decrypt and analyze to pinpoint the information of interest. This generates endless hours of non productive and error-prone work.
FileAudit monitors, archives and reports on access (or access attempts) to sensitive files and folders stored on Microsoft Windows systems.
FileAudit instantly gives a comprehensive list of:
- read/write accesses
- file ownership changes (accepted or denied)
- permission modifications (accepted or denied)
Each record details:
- the user
- the domain
- the date and time of connection and disconnection
for:
- a file
- a selection of files
- a folder and subfolder
- a selection of folders and subfolders
Raising employees’ awareness about insider threat is a key component of an efficient IT security strategy. Regular training or offering a hotline so that employees can anonymously report fraud are part of the insightful measures that should be taken to mitigate insider threat. But one of the most efficient ways to make users security aware is to systematically remind them of their rights and duties each time they log on.
UserLock allows notifying all users prior to gaining access to a system with a tailor- made disclaimer. Users can for example be advised that system usage is monitored, recorded, subject to audit, and that unauthorized use is prohibited and subject to criminal and civil penalties.
Another efficient way is to provide users at each connection with detailed information about their previous logons, so they can easily detect if someone else had successfully logged on (or attempted to log on)as them and potentially impersonated them. This is missing from native Windows features.
At each logon, UserLock provides users with information such as:
- last workstation logged on,
- date and time of last successful logon,
- history of all logons denied by UserLock and Windows since last successful logon,
- number of logons denied by UserLock and Windows since last successful logon.
We look forward to your comments and concerns. Feel free to post your remarks hereunder or use Twitter or Facebook to exchange with us.
Download UserLock now
Download FileAudit now
RemoteExec can easily deploy the Windows 7/2008 R2 Service Pack 1. This can be useful if you have to update servers without an Internet connection or workstations with the Windows Update engine turned off.
You can update your system directly following the 6 steps below. Before getting started, check to see if the Targets Computers are being used as this operation will consume resources and will require at least one reboot.
The size of this new service pack needs to be taken in consideration for this operation:
The time taken for this deployment can fluctuate (depending on the target computer system and the bandwidth available) between 15 minutes to more than half an hour. As in every Windows Service Pack installation, hardware resources will be impacted. That is why we advise to schedule this operation during off business hours. In the example below, we have planned it for Sunday evening
.
In this example we have scheduled the SP1 update on Sunday evening. You can also schedule the results report of this deployment in order to find it into our mailbox2 Monday morning when coming back to work.
Download RemoteExec now Check RemoteExec detailed features
The example below illustrates the use of a predefined System Action to ensure the automatic shutdown of all workstations. The time you choose for switching off your computer must coincide with your company business needs.
Take note that:
Our goal in this example is to shutdown all computers, even those with documents unsaved or applications running. You should communicate this as part of your global Green Charter to your users.
In this example, all computers have been shut down during the night. In the same way, you may decide to automatically switch on computers on allowing users to work immediately upon their arrival. This is also possible through RemoteExec Wake up System action.
The computers using the Wake-on-line technology (available on most computers today) can be remotely powered on if this option is enabled. You just have previously to scan the Mac addresses and Subnet of your network machines using the System action Get wake up info (which can also be scheduled). Then using the same concept, you can choose to wake up users’ computers automatically.
If for any reason you remotely launch a shutdown that you want to abort, you can use the specific System action.
Download RemoteExec now Check RemoteExec detailed features
As a contribution to the Microsoft 2011 MVP Global Summit, IS Decisions today launched MVPtweets.com, a website that displays in real time:
- tweets from more than 1,100 Microsoft Most Valuable Professionals (MVPs)
- tweets from Microsoft MVP Leads and Community Managers
- tweets with #MVP11 and #MVPbuzz hashtags
and allows instant visualization of what is going on in the Microsoft MVPs community.
If you are a Microsoft MVP and noticed that your Twitter profile is not on MVPtweets.com, please just tweet us and we will add you.
Follow IS Decisions on Twitter
CCleaner supports the cleaning of temporary or potentially unwanted files left by certain programs, including Firefox, Opera, Internet Explorer, Safari, and other applications along with browsing history, cookies, Recycle bin, memory dumps, file fragments, log files, system caches, application data, autocomplete form history, and various other data.
Source: Wikipedia
. The Progress window will pop in a new tab allowing you to follow the remote execution process.
. The Progress window will pop in a new tab allowing you to follow the remote execution process.
1: If the target path doesn’t exist, all the folders composing the path tree will be created
Note: If you already have a CCleaner installation on Target Computers (with default parameters or even personalized parameters as done here), you can update/change the CCleaner settings using the Ini file. Change the parameters as wanted in your proper installation or directly in an Ini file copy then push it using RemoteExec selecting the File operation «Copy a file». Ini settings description: http://www.piriform.com/docs/ccleaner/advanced-usage/ccleaner-ini-files/using-ccleanerini-to-modify-how-ccleaner-runs
You can run CCleaner remotely and silently on computers using RemoteExec. The settings taken into account for this remote runs are those set on target machines (see previous paragraph).
. The Progress window will pop in a new tab allowing you to follow the remote execution process.
Note: When you run CCleaner.exe using the /AUTO parameter, CCleaner does not run the Registry cleaner. You cannot currently run the Registry cleaner through a command-line parameter.
Download RemoteExec now Check RemoteExec detailed features
Mozilla Firefox is a free and open source web browser descended from the Mozilla Application Suite and managed by Mozilla Corporation. The latest Firefox features include tabbed browsing, spell checking, incremental find, live bookmarking, a download manager, private browsing and location-aware browsing.
Source: Wikipedia
. The Progress window will pop in a new tab allowing you to follow the remote execution process.
