Cyber Defense eMagazine June 2021 Edition
Cyber Defense eMagazine June Edition for 2021 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, US Editor-in-Chief, Pierluigi Paganini, Co-founder & International Editor-in-Chief, Stevin Miliefsky, President and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES
client; choosing to provide login with an admin account, a shared account or their own account; or choosing a cloud SaaS service or an on-premises server gateway for access.

Customize the experience using abundant options

For most users, a browser-based portal is probably the best option. There are many situations where a browser interface is simply the easiest, since it doesn’t require anything on the workstation, including network connectivity. This model works extremely well for temporary access with outsourced IT, or in remote working arrangements when staff are working primarily outside the corporate firewall.

IT staff may prefer to use a native remote access client under some circumstances, but the networking requirements make connectivity difficult without providing a VPN connection for the user. Normally, there are firewall boundaries around the machines in a data center, and to connect by server name the user does a DNS lookup for the target they are trying to reach. However, a connection cannot be established if the workstation’s native client cannot perform the DNS lookup.

A safe bet is to find a solution that can act as a jump host and offer the ability to accept inbound connections. Then, find the local systems in order to enable login and to record those sessions.

But what if an administrator wants to use a native client for Remote Desktop Protocol (RDP) instead of a browser? Or if they want to log in as themselves and use their entitlements and privileges, or use an Alternate Admin account? They will need other options.

Options are great – but are they easy?

The strongest options will remove any and all obstacles to privileged access, make every option available based on the preferences of the administrator, and enforce the security needed while simplifying access for the IT staff. In particular, two features enable the most choice:

First, using a native client by itself to access a specific target without having to visit a central portal: usually there is a firewall between the native client and the target system, so IT can use a jump host to broker the connection for the user to the target. Second, look for “use-my-account” (UMA) capabilities: once the user authenticates to a cloud service, they may want to use their own account to log into a target machine.

Organizations can also choose to enable a single pane of glass that works for both cloud-based PAM and traditional break-glass password vault scenarios. For example, should an IT administrator break glass or just log in as normal and use privilege elevation? With permissions they can do that. They don’t need anything on the machine, or they can use a browser on a laptop, workstation, or even a tablet or mobile device. Connectivity to any of the target systems is not necessary.

Ultimately, empowering privileged access controls should be as simple as picking a client, picking the network connectivity, and picking an identity. Whether an organization provides privileged access tools may depend on which side of the flipped coin they land on. If not, it is almost a guarantee that IT staff will find creative ways to work around security best practices to suit their preferences.

IT professionals want ease of use and access, just as business users do. To work on servers and other infrastructure, IT staff will seek the ways they are accustomed to, regardless of whether it aligns with