Information Security News mailing list archives
Who gets your trust?
From: mea culpa <jericho () DIMENSIONAL COM>
Date: Mon, 17 Jan 2000 11:22:07 -0700
http://www.sunworld.com/sunworldonline/swol-01-2000/swol-01-security.html Who gets your trust? Security breaches can come from those you least suspect Summary Systems administrators have extraordinary access to all the data on corporate systems. What can be done to ensure that your administrators will not betray that trust? (3,000words) By Carole Fennelly In the business world you will often hear the statement "We don't hire hackers." When pressed for a reason, the speaker usually reveals a fear that a "hacker" will install a back door in the system. Time and time again, however, I have seen back doors installed by employees or security professionals whose integrity is never questioned. When confronted, they usually say it's no big deal. After all, they have the root password. They just wanted to set up a root account with a different environment. That's not hacking, right? Wrong. Their intention did not matter -- the security of the system has been bypassed. This article discusses how administrative privileges can be abused and suggests some methods for countering that abuse. It is not meant to imply that every administrator abuses privileges or has malicious intent -- just that you shouldn't assume anything. [snip...] ISN is sponsored by Security-Focus.COM
Current thread:
- Who gets your trust? mea culpa (Jan 17)
- <Possible follow-ups>
- Re: Who gets your trust? mea culpa (Jan 20)