[dtl_security_gap] [Security_sig] [maryedie@osdl.org: Security Call this week.]

Philip Peake philip at vogon.net
Thu Aug 4 10:29:25 PDT 2005


Responses based upon a set of large (fairly sensitive) users that I have
experience with:

> Outstanding questions:
>
> Edge Server:
> Are hostile attackers expected?

Absolutely.

> Who controls the access control policy?

Not certain I understand this question, so I will answer in two parts:

1: Access to edge servers for other than the applications they host, e.g.
sysadmin:

A combination of security group (if there is one), systems administration
team, and corporate policies - often set by people who don't have a full
grasp of the implications of their policies.

In many cases there are a very restricted number of logins. Quite often
root access is via sudo (or equivalent), with some possibility of waivers
depending on the tasks -- waivers usually require written approval by
director level.

In some cases there is no access. Configurations are built and tested in a
staging environment, and edge servers are then jumpstarted from that
image. If the app breaks, the system is re-jumped. Problems are looked
at/resolved in staging environments.

2: Outside user access is controlled by business units, following
authentication/authorization for pre-packaged roles only.

> How many authorized users to expect?

Sysadmin users: zero to many. Mostly 1 to 4 I would guess.

> Any separation of duties for sys admin?

Not that I have encountered, but that is probably simply a function of the
companies I have seen rather than a general rule -- most of these
companies don't want to pay several people to perform a task which can be
performed by one.

> What's important to audit?

Access logs, application logs, usual tripwire/checksum of system
executables and config files.

> continuance? importance of denial of service attacks? Anything else?
> Is there any sensitive information on this server?

The whole point of edge servers is to isolate sensitive information.
I have never seen an edge server with sensitive information on it.

DoS -- DoS mitigation is expensive; most have some primitive responses
ready such as blocking IPs/IP-blocks at the firewall, throttling etc., but
generally nothing beyond that.

Continuance is usually covered by geographically remote fail-over.

> Mid-Tier
> Who controls the access control policy?

Business group in collaboration with security group.

> How many authorized users to expect?

Assuming sysadmin users: small number < 5

> Any separation of duties for sys admin?

Often differentiate between base OS admin/config and application(s)
admin/config.

> Is audit important, and what's to audit?

Same as for edge servers.

> Infrastructure Server:
> Do internal users get access, or only system admins? Who controls the
> access control policy? How many authorized users to expect?
> Any separation of duties for sys admin?
> What's important to audit?

Basically identical to Mid-Tier.

> Departmental Server:
> Are hostile attackers expected?

Yes.

> Who controls the access control policy?

Wide variance. Other servers typically regard departmental servers as
potentially hostile.

> Any separation of duties for sys admin?

Very rarely.

> Is audit important, and what to audit?

Audit? What's an audit??

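The "tripwire/checksum of system executables and config files" audit item mentioned for edge and mid-tier servers above, shown as a minimal working baseline check. This is an added example and not code from the original post or the security_sig list; the directory layout, file names and contents are constructed for the demo, and a real deployment would store the baseline off-host so an intruder on the box cannot rewrite it.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Added example (not from the original post): a minimal checksum baseline of
# the kind the "tripwire/checksum of system executables and config files"
# audit item refers to. All paths and file contents below are constructed.


def hash_file(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_baseline(root):
    """Record (sha256, permission bits, size) for every regular file under root.

    Symlinks are skipped: hashing a link's target would let a link pointed at a
    trusted file mask a replaced binary.
    """
    root = Path(root)
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        st = path.stat()
        rel = path.relative_to(root).as_posix()
        baseline[rel] = (hash_file(path), st.st_mode & 0o7777, st.st_size)
    return baseline


def compare_baselines(old, new):
    """Classify differences between two baselines; every entry is a finding to triage."""
    old_keys, new_keys = set(old), set(new)
    return {
        "added": sorted(new_keys - old_keys),
        "removed": sorted(old_keys - new_keys),
        "modified": sorted(k for k in old_keys & new_keys if old[k] != new[k]),
    }


def demo():
    """Build a constructed tree, baseline it, tamper with it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "httpd").write_bytes(b"\x7fELF original binary")   # constructed
        (root / "etc" / "httpd.conf").write_text("Listen 80\n")            # constructed
        (root / "etc" / "motd").write_text("authorised use only\n")        # constructed

        before = build_baseline(root)

        # Simulated changes an auditor would want flagged:
        (root / "bin" / "httpd").write_bytes(b"\x7fELF replaced binary")   # content changed
        os.chmod(root / "etc" / "httpd.conf", 0o444)                       # permissions changed
        (root / "etc" / "motd").unlink()                                    # file removed
        (root / "bin" / "helper").write_bytes(b"new file")                  # file added

        after = build_baseline(root)
        return compare_baselines(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Permission bits are part of the record on purpose: a binary whose hash is unchanged but which has gained a setuid bit is still a finding, which a hash-only comparison would miss.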