RE: Controlling access to servers

• Previous message: Prasanna M: "Hot Brick Software Firewall"
• In reply to: sf_mail_sbm_at_yahoo.com: "Controlling access to servers"
• Next in thread: Trevor Cushen: "RE: Controlling access to servers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <sf_mail_sbm@yahoo.com>, <security-basics@securityfocus.com>
Date: Wed, 1 Dec 2004 09:36:42 -0800

  Consider a situation where IT Dept is forbidden to touch some
machines because the information they contain is "too sensitive".

  How do we manage security in such a case?

Answer (98 times out of 100): The most critical information in
the enterprise winds up on the least secure machines in the
enterprise.

David Gillett

> -----Original Message-----
> From: sf_mail_sbm@yahoo.com [mailto:sf_mail_sbm@yahoo.com]
> Sent: Tuesday, November 30, 2004 4:10 AM
> To: security-basics@securityfocus.com
> Subject: Controlling access to servers
>
>
>
>
> Hi List,
>
> Consider a situation where IT Dept has full access and
> control over all servers
>
> How do we manage security in such a case? i.e. how can we put
> control measures to prevent IT Admins to do whatever they
> want on the system without going through a proper control &
> approval process
>
> One solution might be to give the admin passwords to the IT
> Security Section or the IT Audit, in this way, Admins will
> have to request them to log in the machine for all interventions
>
> Of course this solution has lots of drawbacks!
>
> I would be glad to know how other companies manage to control
> changes being done on IT systems, particularly in large organisations
>
> Thanks for your comments
>
> Ronish
>

• Previous message: Prasanna M: "Hot Brick Software Firewall"
• In reply to: sf_mail_sbm_at_yahoo.com: "Controlling access to servers"
• Next in thread: Trevor Cushen: "RE: Controlling access to servers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]