[Security_sig] [maryedie@osdl.org: Security Call this week.]

Chris Wright chrisw at osdl.org
Thu Aug 4 09:46:48 PDT 2005


Replies from the call:

> Outstanding questions:
> 
> Edge Server:
> Are hostile attackers expected?

Yes.

> Who controls the access control policy?

Certainly the system administrator.  Expect that it's site-wide, and
this is a subset of company's security policy...not entirely clear on
the question.

> How many authorized users to expect?

What is an authorized user?  I'd expect only administrators (could be
fine-grained administration) get shells.  An audit admin was brought up as
an example, however, Emily made the point that audit info may be forwarded
off the machine.  However, some services may require authentication to
use (e.g. web service) without ever giving user a shell.

> Any separation of duties for sys admin?

See above.

> What's important to audit?
> continuance? importance of denial of service attacks? Anything else?
> Is there any sensitive information on this server?

Admin login attempts (successful and failed), security relevant changes
made by admin, anything else under site policy.  May consider much of
the IDS style auditing for network traffic analysis.  We'd expect
sensitive information stored on server kept to a minimum, while data flow
_through_ the server may include sensitive information. 

> Mid-Tier
> Who controls the access control policy? 

Same as above.

> How many authorized users to expect?

Could go up relative to edge, as there may be effectively
per-application admin.

> Any separation of duties for sys admin?

Yes, especially for per-application admin.

> Is audit important, and what's to audit?

Same as Edge, but perhaps auditing the install/upgrade process
per-application.  Also, with less interest in IDS type network auditing.

> Infrastructure Server:
> Do internal users get access, or only system admins? Who controls the
> access control policy? How many authorized users to expect?
> Any separation of duties for sys admin?
> What's important to audit?
> 
> 
> Departmental Server:
> Are hostile attackers expected?

Traditionally answer is no, but hostile insider is an increased risk.

> Who controls the access control policy?

Expected to fall under site-wide security policy, but is likely managed
as local departmental server and may have differing policy control.

> Any separation of duties for sys admin?

System level admin, backup admin, file/print admin...these are typically
all the same.  May find the file/print management can (and should?) be
done by separate admin role (not system admin).

> Is audit important, and what to audit?

Same as above.  May contain sensitive documents with restrictive ACLs
whose access should be audited.

> ----- End forwarded message -----


