privilege-separation – WindowsTechs.com

The security of different virtualization systems, specifically comparing Qubes hypervisor with separation kernels like INTEGRITY-178B and LynxSecure

Posted on January 16, 2025 by Scientist NA

I’ve often heard that Qubes is considered one of the most secure virtualization options because it uses a small Xen hypervisor, which is only about 150KB in size. However, even Qubes isn’t immune to side-channel attacks, such as the Spectr… Continue reading The security of different virtualization systems, specifically comparing Qubes hypervisor with separation kernels like INTEGRITY-178B and LynxSecure→

The security of different virtualization systems, specifically comparing Qubes hypervisor with separation kernels like INTEGRITY-178B and LynxSecure

Posted on January 16, 2025 by Scientist NA

Is beneficial to have one process listing multiple ports to block country?

Posted on August 5, 2024 by The nothing

I have two process, one run as user client, another run as user inspector
The web app admin ( process client ) port 8080
The web app customer ( process client ) port 8081
Single app process listing on multiple ports
The client process … Continue reading Is beneficial to have one process listing multiple ports to block country?→

Are domain admin credentials cached when entered for approving a software installation?

Posted on July 21, 2023 by rocky_alpine

From what I know, it’s a bad practice to login to any workstation or server except domain controllers as a domain admin. I read that mimikatz or other malware can extract the hash of the password from a compromised workstation. What about … Continue reading Are domain admin credentials cached when entered for approving a software installation?→

Is is bad that on-prem "prod" DB is accessible/visible from in-cloud dev environment?

Posted on March 24, 2023 by Kashyap

We have our dev & prod env split between AWS (databricks workspaces) and on-prem Linux boxes. Specifically, we have DB instances on-prem and have python code running inside our databricks workspace in AWS that reads/writes to the DB.
W… Continue reading Is is bad that on-prem "prod" DB is accessible/visible from in-cloud dev environment?→

User isolation in LAMP

Posted on February 24, 2023 by Gamification

As I understand, in a typical LAMP (or be it LEPP) setup, all PHP code is executed using the same user and group ("www" or similar). In a multi-user scenario (e.g. some variant of allowing Linux user accounts to propagate a publi… Continue reading User isolation in LAMP→

Security difference between changing permissions versus using sudo to execute

Posted on February 17, 2022 by durestudios

If there is a program written by a normal user that requires root privileges (eg. a program that interacts with root processes) what is the difference between running this program using sudo vs. changing the program permissions with chown … Continue reading Security difference between changing permissions versus using sudo to execute→

Is there really any benefit in having a separate local admin account

Posted on January 19, 2022 by TheGreyShadow

I have been thinking of implementing a new practice where local admin privileges are disabled entirely from all endpoints. For users who need to elevate privileges, they will have a separate admin account dedicated and restricted only to t… Continue reading Is there really any benefit in having a separate local admin account→

Authorise access to hierarchical data

Posted on August 29, 2021 by Fahim Farook

Consider a scenario in which you offer service access based on a hierarchy of authority. i.e., a HEAD can register his subordinates. The authenticated HEAD has the previledge to read and update data from all of his subordinates. Is there a… Continue reading Authorise access to hierarchical data→

Which security standard or compliance bans admin privileges across all the company systems [duplicate]

Posted on March 26, 2021 by Matt7864

Someone in my company wants to be granted admin privileges in every single application, infrastructure and network component, just because he is a big IT manager. I don’t have a security background, but it sounds wrong practice. My team is… Continue reading Which security standard or compliance bans admin privileges across all the company systems [duplicate]→