Security Basics mailing list archives
Re: Network Engineer vs. Network Security Engineer
From: ron () gmail com
Date: 12 Jan 2010 00:23:36 -0000
Others have already mentioned "Separation of Duties". So sure, it would be easier if you had update access to the equipment, but do you really need it? Maybe Read Only access would be adequate? Do you have a change control/management process in place that can implement your change requests in a timely fashion? Maybe you could be added to the change approval process for anything that impacts security. Of course that would require you to clearly define what constitutes a "security change". Actually the list can be quite extensive.

Another consideration: you say that the other guy is the only person who has full access to that part of the system. Haven't you been paying attention to the "adventures of Mr Childs of San Francisco"? He was the lone person with access to part of the city network. He refused to hand over the passwords to "the wrong people", in his opinion. Last I heard he had spent over 14 months in jail, WITHOUT a trial, because he could not raise $5 million in bail. Google it. Here are a few links:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=322438
http://www.pcworld.com/article/165950/accused_rogue_admin_terry_childs_back_in_court.html?tk=nl_dnx_h_crawl
http://www.pcworld.com/businesscenter/article/148951/san_francisco_da_discloses_citys_network_passwords.html
http://www.computerworld.com/s/article/9137318/Judge_won_t_lower_5M_bail_for_SF_IT_administrator?source=CTWNLE_nlt_securityissues_2009-09-02

At the VERY least that other admin should be REQUIRED to provide the current userids and passwords to an escrow location. Sealed envelope in a company safe or with a corporate lawyer. Company has to be prepared for him "to be hit by the proverbial bus" or to quit in a snit.