Testing the Foundation for Secure Access to SaaS Products

Chris Williams SaaS, Security, SMB, SME

Encryption is the first line of defense for data accessed through publicly accessible web applications. That’s why it’s so important to validate that your public web applications are configured as securely as possible when it comes to SSL and TLS. The good news is that Qualys SSL Labs offers a free, easy to use web-based tool that tests public web servers for SSL, TLS and PKI configuration issues. The service has been around since 2009 and continues to quickly incorporate checks for known vulnerabilities like Heartbleed. Chances are that your customers are using similar tools to perform non-intrusive checks against …

Automating the Management of Local Admin Passwords with Microsoft LAPS

Chris Williams Security, SMB, SME

Effectively managing local admin passwords across hosts is a common challenge for IT Departments. This drives the reuse of passwords across hosts and makes local admin passwords a highly valued target for attackers to use in attacks like Pass-the-Hash (PtH). This can lead to privilege escalation and access to higher valued assets in the domain. The good news is that Microsoft offers a free, easy to deploy solution that simplifies the management of local admin passwords across domain joined computers. LAPS is built on Active Directory infrastructure so there’s no need for third-party applications. The agent is a Group Policy …