Controlling access to servers
sf_mail_sbm_at_yahoo.com
Date: 11/30/04
- Previous message: Juan B: "Syslog events"
- Next in thread: Jeff Breci: "Re: FW: Controlling access to servers"
- Maybe reply: Jeff Breci: "Re: FW: Controlling access to servers"
- Reply: David Gillett: "RE: Controlling access to servers"
- Maybe reply: Trevor Cushen: "RE: Controlling access to servers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 30 Nov 2004 12:10:06 -0000 To: security-basics@securityfocus.com('binary' encoding is not supported, stored as-is)
Hi List,
Consider a situation where IT Dept has full access and control over all servers
How do we manage security in such a case? i.e. how can we put control measures to prevent IT Admins to do whatever they want on the system without going through a proper control & approval process
One solution might be to give the admin passwords to the IT Security Section or the IT Audit, in this way, Admins will have to request them to log in the machine for all interventions
Of course this solution has lots of drawbacks!
I would be glad to know how other companies manage to control changes being done on IT systems, particularly in large organisations
Thanks for your comments
Ronish
- Previous message: Juan B: "Syslog events"
- Next in thread: Jeff Breci: "Re: FW: Controlling access to servers"
- Maybe reply: Jeff Breci: "Re: FW: Controlling access to servers"
- Reply: David Gillett: "RE: Controlling access to servers"
- Maybe reply: Trevor Cushen: "RE: Controlling access to servers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
