Security Basics mailing list archives

RE: Controlling access to servers


From: "Trevor Cushen" <Trevor.Cushen () sysnet ie>
Date: Wed, 1 Dec 2004 10:21:54 -0000

I would disable remote admin access, thus forcing IT staff to log on as themselves, and then you have an audit trail 
(enable auditing, of course).  You would have to monitor the audit logs and enforce whatever procedures you wish to be 
in place.  There are many excellent freeware motion detection systems (Windows and Linux based) to monitor the 
servers themselves, and again, monitor these to ensure procedures are being followed.  Finally, a host-based IDS system 
can be used to flag when changes have happened on any server.  All in all, you would be implementing tight monitoring 
controls to watch the usage of the servers.  This, in my opinion, is better because trying to tighten down access for 
admin staff has proved (for me anyway) more of a nightmare, because when it is really needed many of the IT staff don't 
have the access required to fix a problem etc., and security is relaxed in the face of an "emergency" and not put back.

So with the above in place, you watch the IDS for changes to the system.  If one is flagged, then you view the logs 
and/or the camera and you have the person responsible for the change.  If there is no approval recorded for the change, then 
you take them outside and beat them with a bat! They will soon learn :) 


Hope this helps



-----Original Message-----
From: sf_mail_sbm () yahoo com [mailto:sf_mail_sbm () yahoo com]
Sent: 30 November 2004 12:10
To: security-basics () securityfocus com
Subject: Controlling access to servers




Hi List,



Consider a situation where the IT Dept has full access and control over all servers.



How do we manage security in such a case? i.e. how can we put control measures in place to prevent IT Admins from doing 
whatever they want on the system without going through a proper control & approval process?



One solution might be to give the admin passwords to the IT Security Section or IT Audit; in this way, Admins will 
have to request them to log in to the machine for all interventions.



Of course this solution has lots of drawbacks!



I would be glad to know how other companies manage to control changes being done on IT systems, particularly in large 
organisations.



Thanks for your comments



Ronish


This email and its attachments are solely for the attention of sf_mail_sbm () yahoo com.  
Please contact Trevor.Cushen () sysnet ie if you receive this mail in error.
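
The review loop described in the reply above (IDS change alert, then the logon audit trail, then the approval record), as an added example that is not part of the original thread. Host names, accounts, record layouts and the shared-account list are constructed assumptions.

```python
from datetime import datetime

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Assumption: logons under these shared accounts cannot be tied to one person.
SHARED_ACCOUNTS = {"administrator", "root"}

# Constructed sample data (not from the thread).
CHANGES = [  # host IDS alerts: (host, time of change, object changed)
    ("srv-db01", ts("2004-12-01 09:14"), "/etc/passwd"),
    ("srv-web02", ts("2004-12-01 11:40"), "/etc/httpd/conf/httpd.conf"),
    ("srv-db01", ts("2004-12-01 22:05"), "/etc/crontab"),
    ("srv-web02", ts("2004-12-01 23:30"), "/etc/hosts"),
]
SESSIONS = [  # logon audit trail: (host, account, logon, logoff)
    ("srv-db01", "alice", ts("2004-12-01 09:00"), ts("2004-12-01 09:30")),
    ("srv-web02", "bob", ts("2004-12-01 11:30"), ts("2004-12-01 12:00")),
    ("srv-db01", "root", ts("2004-12-01 22:00"), ts("2004-12-01 22:10")),
]
APPROVALS = [  # change records: (host, account, window start, window end)
    ("srv-db01", "alice", ts("2004-12-01 09:00"), ts("2004-12-01 10:00")),
]

def review(changes, sessions, approvals):
    """Attribute each IDS-flagged change to a logon, then check for approval."""
    findings = []
    for host, when, obj in changes:
        users = sorted({u for h, u, start, end in sessions
                        if h == host and start <= when <= end})
        if not users:
            status = "NO_SESSION"        # change with no audited logon: auditing gap
        elif len(users) > 1 or users[0].lower() in SHARED_ACCOUNTS:
            status = "NOT_ATTRIBUTABLE"  # shared account or overlapping logons
        elif any(h == host and u == users[0] and a <= when <= b
                 for h, u, a, b in approvals):
            status = "APPROVED"
        else:
            status = "UNAPPROVED"        # named person, no approval on record
        findings.append((host, obj, users, status))
    return findings

if __name__ == "__main__":
    for finding in review(CHANGES, SESSIONS, APPROVALS):
        print(finding)
```

The `NOT_ATTRIBUTABLE` and `NO_SESSION` outcomes are the cases where the audit trail cannot name a person, which is why the reply has staff log on as themselves with auditing enabled.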



