Security Basics mailing list archives
RE: Passwords in a disaster
From: "Enquiries Globalart4u" <enquiries () globalart4u com>
Date: Sat, 26 Jan 2008 12:09:42 -0000
I would not put into a bank because you are assuming that the bank, wherever it is, will still be functioning in a DR situation, and what happens if the responsible person is unable to retrieve, and if it happens in the weekend is the bank open to be able to retrieve, as most online businesses do not just work Monday to Friday but weekends too? Would the court be functioning normally during a DR by opening up somewhere else? Then have a DR site elsewhere with a reputable company and have key people who will have the passwords, which can be generated weekly and given to them weekly.

Tallat
http://www.promomat.biz/golfmap.htm = scottish golf course maps
http://www.yuckyslugsandsnails.co.uk/ = inundated with slugs and snails - try some of our solutions or just have a meal out of them

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Stephen Tanner
Sent: Thursday, January 24, 2008 9:11 AM
To: security-basics () securityfocus com
Subject: RE: Passwords in a disaster

Because of the nature of the account, we disallow access to the account in normal business. The account is generic, leaving no accountability. However, in a DR situation, where we are in a depreciated state, we are using this account for access to a read-only web based interface. We don't disable the account through traditional means to avoid issues with the information not getting propagated to DR correctly.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Stephen Tanner
Information Security Administrator
Network Support Services
Lee County Clerk of Courts
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

-----Original Message-----
From: Sheldon Malm [mailto:smalm () ncircle com]
Sent: Thursday, January 24, 2008 11:41 AM
To: Stephen Tanner; mike.barber () wachovia com
Cc: security-basics () securityfocus com
Subject: RE: Passwords in a disaster

For what it's worth, this is really no different than any kind of Incident Response and/or DRP/BCP scenario.
A Firecall ID process should be well established and practiced in advance so there are standing instructions on release of the Firecall ID in the case of a disaster. This ensures that the release of the privileged account is facilitated as part of the Disaster Response rather than waiting for an individual to take action. Basic "single point of failure" avoidance, which is what DRP/BCP and incident response are all about.

Sheldon Malm
Director
Security Research & Development
nCircle Network Security
Check out the VERT daily post http://blog.ncircle.com/vert

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Stephen Tanner
Sent: Thursday, January 24, 2008 10:25 AM
To: security-basics () securityfocus com
Subject: RE: Passwords in a disaster

Well, not really. I am more speaking of a court room only setting where there IS no phone. Phones aren't non-existent, just not an option. I would like to go the route in the previous suggestion, but pushing encryption I do not believe would fly. The point here is really a mitigation of risk.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Stephen Tanner
Information Security Administrator
Network Support Services
Lee County Clerk of Courts
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

-----Original Message-----
From: mike.barber () wachovia com [mailto:mike.barber () wachovia com]
Sent: Thursday, January 24, 2008 10:22 AM
To: Stephen Tanner
Subject: Re: Passwords in a disaster

If phones are not an option, what are your options?....Chances are good that if phones are completely out your network will be as well.

Thanks,
Mike Barber
CIS - Unix Security Engineering
Wachovia Corp.
(704) 427-0512

"Stephen Tanner" <stanner () leeclerk org>
Sent by: listbounce () securityfocus com
01/24/2008 09:49 AM
To: <security-basics () securityfocus com>
cc:
Subject: Passwords in a disaster

I'm trying to get a consensus on what people think is the best solution to sending a shared password or passphrase in a DR situation where phones are not a viable option. Any thoughts?

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Stephen Tanner
Information Security Administrator
Network Support Services
Lee County Clerk of Courts
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Florida has a very broad Public Records Law. Most written communications to or from State and Local Officials regarding State or Local business are public records available to the public and media upon request. Your email communications may therefore be subject to public disclosure.