BPuhl’s Blog

A little bit of everything without actually being much of anything

Getting the Finger…

Posted by BPuhl on January 6, 2008

Well, after a couple of years, and quite a bit of anticipation, I can verify – sort of personally – that there is actually real, live, honest to goodness code to defend security infrastructures worldwide.

In early November, Sanjay came to Redmond to demo version 1 of Gold Finger.  As the fates would have it, I was on a business trip to London at the time, so I didn’t get a chance to see it personally, but having talked with several people that did see it I feel safe in saying that “it’s real”.  🙂  Since then, I’ve had an e-mail conversation with Sanjay, and hopefully will be able to see Gold Finger myself.

Since I didn’t see it myself, I can’t give a true review of it.  I will say that some of my co-workers liked the reporting and analysis, but were concerned about the scalability/flexibility.  Pretty standard for the v1 of anything actually.

Hopefully I’ll get to see it, and will post a review or info (if allowed).

Advertisements

3 Responses to “Getting the Finger…”

  1. Mike Kline said

    I think feature #12 in the brochure is interesting. “No Technical Background Needed”. So a secretary could install and run this tool?

    I’m nervous about running security tools that make grand claims like this but it should be interesting to see how this plays out.

  2. Brian Puhl said

    Agreed, that would be a scary proposition.

    I have always had BIG issues with anyone that wants me to run anything under administrator credentials. To be completely honest, I’ve been burned to many times by our own product groups…coughExchangeCoughRTCcough… sneaking in stupid things under the guise of “forestprep”.

    From the way GoldFinger was described to me though, it is purely a “read and report” application now, and even the secretary has the rights to read a lot of the security ACL’s in the directory. So I suppose hypothetically, she could run it…and the report it generated would show everything that she had access to read. Interesting in and of itself.

  3. Mike Kline said

    I agree with you on the admin credentials and limiting admin rights. That is very important.

    One thing I notice is from the Channel 9 and Edge videos is that people at Microsoft that are labeled as “managers/executives” many times seem to have decent technical skills and engineering or CS degrees. Maybe the tool would be easy for them to use and interpret.

    In the part of the country I’m in many of the management types have no technical knowledge. I’m talking about people who think putting paper in a printer tray is a technical feat. I’d be really impressed if this tool was easy for them to use.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: