Security Basics mailing list archives
RE: Controlling access to servers
From: "Trevor Cushen" <Trevor.Cushen () sysnet ie>
Date: Wed, 1 Dec 2004 10:21:54 -0000
I would disable remote admin access, thus forcing IT staff to log on as themselves, and then you have an audit trail (enable auditing, of course). You would have to monitor the audit logs and enforce whatever procedures you wish to be in place.

There are many excellent freeware motion detection systems (Windows and Linux based) to monitor the servers themselves, and again monitor these to ensure procedures are being followed. Finally, a host-based IDS system can be used to flag when changes have happened on any server.

All in all, you would be implementing tight monitoring controls to watch the usage of the servers. This in my opinion is better, because trying to tighten down access for admin staff has proved (for me anyway) more of a nightmare: when it is really needed, many of the IT staff don't have the access required to fix a problem etc., and security is relaxed in the face of an "emergency" and not put back.

So with the above in place, you watch the IDS for changes to the system. If one is flagged, then you view the logs and/or the camera and you have the person responsible for the change. If there is no approval recorded for the change, then you take them outside and beat them with a bat! They will soon learn :)

Hope this helps

-----Original Message-----
From: sf_mail_sbm () yahoo com [mailto:sf_mail_sbm () yahoo com]
Sent: 30 November 2004 12:10
To: security-basics () securityfocus com
Subject: Controlling access to servers

Hi List,

Consider a situation where the IT Dept has full access and control over all servers. How do we manage security in such a case? I.e. how can we put control measures in place to prevent IT Admins from doing whatever they want on the system without going through a proper control & approval process?

One solution might be to give the admin passwords to the IT Security Section or the IT Audit; in this way, Admins will have to request them to log in to the machine for all interventions. Of course this solution has lots of drawbacks!

I would be glad to know how other companies manage to control changes being done on IT systems, particularly in large organisations.

Thanks for your comments

Ronish
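
Added example, not part of the messages above: one way to script the review loop the reply describes, where each host IDS change alert is matched to the personal logon sessions in the audit log and then checked against recorded approvals. All names, hosts, timestamps and record layouts are constructed assumptions, not output of any particular IDS or ticketing tool.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M"

# Constructed sample data (not from the original thread).
# Host IDS change alerts: (time, server, changed object)
IDS_ALERTS = [
    ("2004-12-01 09:15", "srv-db01", "/etc/passwd"),
    ("2004-12-01 09:25", "srv-db01", "/etc/hosts"),
    ("2004-12-01 11:40", "srv-web02", "/etc/httpd/conf/httpd.conf"),
    ("2004-12-01 23:05", "srv-db01", "/etc/sudoers"),
]
# Audit-log sessions under personal accounts: (user, server, logon, logoff)
SESSIONS = [
    ("alice", "srv-db01", "2004-12-01 09:00", "2004-12-01 09:30"),
    ("bob", "srv-db01", "2004-12-01 09:10", "2004-12-01 09:20"),
    ("bob", "srv-web02", "2004-12-01 11:30", "2004-12-01 12:00"),
]
# Recorded change approvals: (user, server, window start, window end)
APPROVALS = [("alice", "srv-db01", "2004-12-01 09:00", "2004-12-01 10:00")]


def covers(record, user, server, when):
    """True if a (user, server, start, end) record matches and spans `when`.
    Pass user=None to match any user."""
    r_user, r_server, start, end = record
    return (r_server == server and user in (None, r_user)
            and datetime.strptime(start, FMT) <= when <= datetime.strptime(end, FMT))


def review(alerts, sessions, approvals):
    """Attribute each IDS alert to logged-on users and check for an approval."""
    findings = []
    for stamp, server, obj in alerts:
        when = datetime.strptime(stamp, FMT)
        users = sorted({s[0] for s in sessions if covers(s, None, server, when)})
        ok = [u for u in users if any(covers(a, u, server, when) for a in approvals)]
        if not users:
            verdict = "unattributed"  # no personal logon: audit gap or shared account
        elif len(ok) == len(users):
            verdict = "approved"
        elif ok:
            verdict = "ambiguous"     # several people logged on, not all approved
        else:
            verdict = "unapproved"
        findings.append((stamp, server, obj, users, verdict))
    return findings


if __name__ == "__main__":
    for finding in review(IDS_ALERTS, SESSIONS, APPROVALS):
        print(finding)
```

The "unattributed" and "ambiguous" verdicts are the cases where the audit trail alone cannot name one person, so they need a second source such as the camera footage mentioned in the reply.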