Let's stop willy-nilly handing the keys over to remote suppliers and software in the first place just for the ease of switching on our lightbulbs through our mobile phones!
Microsoft warns partners to revoke unused authorizations that drive your software
Microsoft has advised its reseller community it needs to pay attention to the debut of improved security tooling aimed at making it harder for attackers to worm their way into your systems through partners. That service providers can be used to attack their customers is not in dispute: recent exploits targeting ConnectWise, …
COMMENTS
Wednesday 18th May 2022 12:43 GMT Pascal Monett
You don't want that.
Think about it for a minute: why are you authorizing remote access to a 3rd party in the first place? Most likely, it is because they have the special proficiency you are lacking in your own workforce. That means they'll be coming in with near-admin level privilege. You want to be able to track that, and you don't want to give admin access to someone who clearly will never need it.
Create a specific user for that specific access, and log the interactions. That way, if something fishy happens, you either have proof of origin, or proof that you need to look somewhere else.
-
Thursday 19th May 2022 04:19 GMT Auntie Dix
Those Shortsighted Savings Will Cost You Dearly
"Why are you authorizing remote access to a 3rd party in the first place? [The m]ost likely [reason is that he has] special proficiency [that] you are lacking in your own workforce."
You could have hired an FTE with such proficiency, but you're an a$$h0le.
That's why your pennywise-but-pound-foolish company deserves what it gets, when, later, it gets hacked.
-
Monday 23rd May 2022 02:09 GMT A random security guy
Re: Those Shortsighted Savings Will Cost You Dearly
Partnerships are a reality. Collaborations are a reality. Two companies may need to work together on projects, account payments, approvals, etc. Many times a company will create separate groups: employees who deal with IBM and, separately, employees who deal with MSFT. It is normal for these employees to collaborate with their customers and vendors on a very close basis.
The best examples are employees of audit companies, who, by the very nature of their tasks, can't be the audited company's employees.