Posts tagged: Security

Authorizing in WM – How it SHOULD work

By Max Ranzau

 

chockFrom the My-Two-Cents Dept. Working with RES Workspace Manager for about 1½ decade, I’ve been witness to many improvements. While the products gets better with each release, regardless of vendor it’s not always flowers and chocolate. By now, most seasoned Workspace Engineers familiar with the product, know the difference between learning mode and blocking mode on the security subsystems. Dialing in the security for a new client/customer always takes a bit of time, as you’ll have to deal with the security baseline – and then authorizing the things that are unique for said customer environment. The work I always seem to find myself spending time on is hopping back and forth between Authorized Files and either the Managed Application node or the Read-Only Blanketing node.

The issue at hand is this; every time that one has dealt with a log entry by right-clicking on it, said log entries will still be in the log. It makes it a challenge to maintain an overview of what’s been dealt with and what hasn’t – especially if you are using wildcard rules to kill multiple log entries with one stone. It would be wonderful if this process could be managed better. I’ve gone through the necessary steps in a previous article here. To optimize this work, below are a few of ideas off the top of my head how this ideally should work:

  • The security logs should be reworked to show a “Processed” or “Authorized” flag. Think of it like the little red flag you can set on your emails and tasks in Outlook.
  • When authorizing a specific log entry, there should be check boxes in the authorization dialog box to “Mark affected log entries as authorized” and/or a “Delete affected entries in log file”. Workspace Manager can already can filter views with the Attention flag etc. in Workspace Analysis, so it should be familiar territory, development wise.
  • In the Authorized file node there should be similar options to process all current log files through active authorizations so it becomes evident which things you haven’t dealt with yet.
  • Finally, it would be stellar to incorporate Patrick Grinsven’s excellent work on the DBlogCleaner tool (which is out in a new version, stay tuned)

Now, before some well-meaning person asks why I don’t put these ideas into UserVoice for voting etc, I will offer my thanks for the consideration, yet I am perfectly happy passing that baton with the associated credit to someone else. In other words, feel free to co-opt these ideas and make them your own.

 

How to roll Workspace Security into a production env

Animated, Gears, boxprod-envFrom the Industrial Might & Logic Dept: Once in a while you may come across the scenario where you need to take control over an existing production environment. While new VDI implementations are sprouting up all over the place, it’s not within everyones budget to put in new plumbing and start building from scratch. Over the years I’ve dealt with several customers who had a beat-up production environment where they were spending their workdays putting out fires (and fighting off Ogres) instead of being anywhere near a proactive state. Proactive is a much abused word, but in my context it simply means being ahead of the curve instead of trying to catch up and never emptying out an ever-growing inbox of trouble. While this may sound like a happy story of rainbows and robot-unicorns to some, I assure you a proactive state of secure workspace management is a reality within your grasp, when you consider using the RES Workspace Manager. Let me share a story on how I did it and give you some useful tips on how you can do it too:

doc-icon2<<< Click here to read the article

So I got hacked: How to recover and prevent.

From the and-now-to-something-completely-different dept. Yes, this article has got nothing to do with RES technology, as this is my account of how what can happen if you don’t take precautions to protect your WordPress blog, how it can ruin your day, what to do and how to prevent it from happening again.

I do recognize that there are varying degrees of attacks from the occasional comment spam, over the spamlink hacking that I’ve been dealing with, to a complete site takeover/takedown. Spending two sleepless nights learning the in’s and out’s of WordPress security, wasn’t my idea of fun, so in order to spare other fellow RES Community bloggers from having to learn from scratch, here’s my experiences, which you hopefully can benefit from before it’s too late: Read more »

New Technote: Global Authorized Files Cleanup!

From the spring cleaning dept. Ever got frustrated with having a Global Authorized File list which is a mile long? Been wanting to break down your appguard and read-only blanketing security into more manageable chunks? Then this article is for you. It will show you a very slick way of organizing security authorizations using blank/empty applications as placeholders and how you can easily move security settings inbetween them. Note the moving is a PowerFuse 2010 feature.

The article contains a nice buildingblock for you to try out also.

Click here to view the RG026 article.

Working with the RES PowerFuse Security models

Animated, Gears, boxA new technote has been added to the Technote library. This one is a hands-on how to work with the RES Security models. There has been a bit of confusion how these work. For example, what is the difference between authorizing an application on global level, versus on the individual application. This article will also help you get a grip on what you need to do in order to go from test into production with PowerFuse. Finally we discuss what is needed to do on an ongoing basis to handle change management (new apps) in the PowerFuse environment, once the security is locked down.

Go read the article here