Security Basics mailing list archives
RE: Passwords in a disaster
From: "Sheldon Malm" <smalm () ncircle com>
Date: Thu, 24 Jan 2008 08:40:55 -0800
For what it's worth, this is really no different than any kind of Incident Response and/or DRP/BCP scenario. A Firecall ID process should be well established and practiced in advance so there are standing instructions on release of the Firecall ID in the case of a disaster. This ensures that the release of the privileged account is facilitated as part of the Disaster Response rather than waiting for an individual to take action. Basic "single point of failure" avoidance, which is what DRP/BCP and incident response are all about. Sheldon Malm Director Security Research & Development nCircle Network Security Check out the VERT daily post http://blog.ncircle.com/vert -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Stephen Tanner Sent: Thursday, January 24, 2008 10:25 AM To: security-basics () securityfocus com Subject: RE: Passwords in a disaster Well, not really. I am more speaking of a court room only setting where there IS no phone. Phones aren't non-existent, just not an option. I would like to go the route in the previous suggestion, but pushing encryption I do not believe would fly. The point here is really a mitigation of risk. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Stephen Tanner Information Security Administrator Network Support Services Lee County Clerk of Courts =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -----Original Message----- From: mike.barber () wachovia com [mailto:mike.barber () wachovia com] Sent: Thursday, January 24, 2008 10:22 AM To: Stephen Tanner Subject: Re: Passwords in a disaster If phones are not an option, what are your options?....Chances are good that if phones are completely out your network will be as well. Thanks, Mike Barber CIS - Unix Security Engineering Wachovia Corp. (704) 427-0512 "Stephen Tanner" <stanner () leeclerk org> Sent by: listbounce () securityfocus com 01/24/2008 09:49 AM To <security-basics () securityfocus com> cc Subject Passwords in a disaster I'm trying to get a consensus on what people think is the best solution to sending a shared password or passphrase in a DR situation where phones are not a viable option. Any thoughts? =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Stephen Tanner Information Security Administrator Network Support Services Lee County Clerk of Courts =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Florida has a very broad Public Records Law. Most written communications to or from State and Local Officials regarding State or Local business are public records available to the public and media upon request. Your email communications may therefore be subject to public disclosure. ForwardSourceID:NT00015E6E Florida has a very broad Public Records Law. Most written communications to or from State and Local Officials regarding State or Local business are public records available to the public and media upon request. Your email communications may therefore be subject to public disclosure.
Current thread:
- Passwords in a disaster Stephen Tanner (Jan 24)
- Message not available
- RE: Passwords in a disaster Stephen Tanner (Jan 24)
- RE: Passwords in a disaster Sheldon Malm (Jan 24)
- RE: Passwords in a disaster Stephen Tanner (Jan 24)
- RE: Passwords in a disaster Petter Bruland (Jan 24)
- RE: Passwords in a disaster Enquiries Globalart4u (Jan 28)
- RE: Passwords in a disaster Stephen Tanner (Jan 24)
- Message not available
- RE: Passwords in a disaster Stephen Tanner (Jan 24)
- RE: Passwords in a disaster Jeptha . Gibbs (Jan 24)
- RE: Passwords in a disaster Ackley, Alex (Jan 24)
- Re: Passwords in a disaster jam (Jan 24)