Security Basics mailing list archives
RE: Secure Backups
From: "Dan Bogda" <dan.bogda () kintera com>
Date: Fri, 30 Jun 2006 12:02:45 -0700
Rolando, You should stick with least privileges necessary to perform the function. If you can get away with read only access to the file systems do so. You may also want to provide different accounts between environments or machine types(i.e. dev, production; unix, windows, etc.) Also, do not let users use the accounts and make sure to change the passwords on a fixed schedule. I would also lean towards a domain account so that you can easily monitor usage, change the password and globally disable when necessary. It's harder to track x number of local accounts and when they were last used, changed, etc. Good luck, Dan -----Original Message----- From: rolando_ruiz () jetaviation com [mailto:rolando_ruiz () jetaviation com] Sent: Thursday, June 29, 2006 1:34 PM To: security-basics () securityfocus com Subject: Secure Backups Hello security world, I'd like to establish a secure and reliable backup procedure. Currently, the person whom had this responsibility has not been using standard procedures throughout our network. Things I'm looking for include account type to use (local or domain - admin or not), and what rights should this account have in each server? I'm assuming that the account should hold enough admin rights on each box to be able to run the job but I'm unsure if it should hold complete administrator rights. Your comments and suggestions are greatly appreciated. With best regards, Rolando Ruiz --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus --------------------------------------------------------------------------- --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- RE: Secure Backups Dan Bogda (Jul 04)
- RE: Secure Backups rolando_ruiz (Jul 04)
- <Possible follow-ups>
- RE: Secure Backups Dan Bogda (Jul 04)
- RE: Secure Backups Lee Clemens (Jul 04)