Security Basics mailing list archives
RE: Controlling access to servers
From: "David Gillett" <gillettdavid () fhda edu>
Date: Wed, 1 Dec 2004 09:36:42 -0800

Consider a situation where IT Dept is forbidden to touch some machines because the information they contain is "too sensitive". How do we manage security in such a case?

Answer (98 times out of 100): The most critical information in the enterprise winds up on the least secure machines in the enterprise.

David Gillett

-----Original Message-----
From: sf_mail_sbm () yahoo com [mailto:sf_mail_sbm () yahoo com]
Sent: Tuesday, November 30, 2004 4:10 AM
To: security-basics () securityfocus com
Subject: Controlling access to servers

Hi List,

Consider a situation where IT Dept has full access and control over all servers. How do we manage security in such a case? i.e. how can we put control measures in place to prevent IT Admins from doing whatever they want on the system without going through a proper control & approval process?

One solution might be to give the admin passwords to the IT Security Section or the IT Audit; in this way, Admins will have to request them to log in to the machine for all interventions. Of course this solution has lots of drawbacks!

I would be glad to know how other companies manage to control changes being done on IT systems, particularly in large organisations.

Thanks for your comments,
Ronish