Defeating Security Threats

By Christian Perry  |  Posted 2012-03-28 Email Print this article Print
 
 
 
 
 
 
 

Differing requirements for efficiency, knowledge and security spawn a variety of technology approaches from these manufacturers.

 

Defeating Security Threats

For Austin Powder, a Cleveland-based explosives manufacturer, security is a top priority. Employees at other firms might expect a fair amount of freedom with their company-supplied computers, but Austin Powder’s line of business requires a more limited computing environment that allows users to execute only tasks related to their jobs.

While that requirement might seem simple in the age of Microsoft’s security-minded Windows 7 operating system, Austin Powder still uses the aging Windows XP OS to accommodate legacy equipment and applications.

“Microsoft provides different classes of users—guest, user, power users, and administrator—with each class having additional privileges, moving from guest accounts, with minimal task privileges, up to the administrator, who can perform any task,” explains Mark Howard, PC operations manager for Austin Powder. “Microsoft has a best practice called 'least privilege’ that defines this idea. In a least-privilege environment, the computer user only has enough privilege to perform the operations required to run the applications required.”

That concept works effectively for environments with some flexibility in their security requirements, but Howard discovered that bumping a user to a higher class to accommodate a certain application also granted access to unauthorized tasks. To remedy this problem, Austin Powder sought a more granular method for providing privileges when an application required it without granting access to a user at all other times. The manufacturer found it in the form of BeyondTrust’s PowerBroker Desktops, which intercepts the launch of an application and injects the security token of a different account to only the process being launched.

Howard notes that this technology allows the company to run any application for a user-class account, even if that application otherwise requires administrator-level access. The implications around security breaches are potentially devastating to Austin Powder, but its combination of least-privilege and PowerBroker helps it defeat malware and viruses that can circumvent account privileges.

“We used to spend many hours fighting and removing malware and viruses when our computers were being operated with an administrator-class account,” Howard recalls. “Now, with our computers operated by the user-class accounts, the malware and viruses have very limited capabilities. This is a very big deal.”



<1234>
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters



















 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date