RE: Conflict of interests



As long as you can justify it then it shouldn't be a problem. Though if
you're not in the IT department I'd question why you're messing about with
the network if it were my company. Even most of the IT dept won't have that
access level I would have thought, so ...

So in sort, if you can justify it then won't matter, but I don't think
anyone outside the IT dept could justify domain admin access (even people in
the IT dept. will struggle).

What exactly do you need it for? Maybe chuck your justification round the
list and see what people think?


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of s0h0us@xxxxxxxxx
Sent: 04 May 2009 19:17
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Conflict of interests

As a security guy, not part of the IT department, I require a level of
access in order to perform my job. Certain types of tools require privileged
access in order to work. Like having domain admin access and/or similar
privileged access for unix and linux systems. Is it reasonable to request
this type of access without causing any type of conflict of interest that
internal auditors might question? I guess audit trails would come in handy
here.
Thanks for the feedback.

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec
Institute's Ethical Hacking class.
Totally hands-on course with evening Capture The Flag (CTF) exercises,
Certified Ethical Hacker and Certified Penetration Tester exams, taught by
an expert with years of real pen testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------





------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class.
Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------



Relevant Pages

  • Re: Startup security lab setup
    ... InfoSec Institute ... Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. ... Totally hands-on course with evening Capture The Flag exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. ...
    (Pen-Test)
  • RE: Log Management
    ... InfoSec Institute ... Learn all of the latest penetration testing techniques in InfoSec ... Institute's Ethical Hacking class. ... Certified Ethical Hacker and Certified Penetration Tester ...
    (Security-Basics)
  • Re: Securing RDP - Is it possible?
    ... -- This list is sponsored by: InfoSec Institute ... Learn all of the latest penetration testing techniques in InfoSec ... Institute's Ethical Hacking class. ... Certified Ethical Hacker and Certified Penetration Tester exams, ...
    (Pen-Test)
  • Re: Security Checklist
    ... InfoSec Institute ... Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. ... Totally hands-on course with evening Capture The Flag exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. ...
    (Security-Basics)
  • RE: Security Checklist
    ... InfoSec Institute ... Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. ... Totally hands-on course with evening Capture The Flag exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. ...
    (Security-Basics)