[Security_sig] Departmental questions resolution...

Mary Edie Meredith maryedie at osdl.org
Fri Aug 12 11:46:28 PDT 2005


[bounced by Chris Wright, went to wrong list addr]

The responses for departmental server questions were different enough
that I'd like to review my conclusions here before posting the use case:

Comments [A] and [B]
Resulting language --->

> Departmental Server:
> Are hostile attackers expected?

[A] Yes.
[B] Traditionally answer is no, but hostile insider is an increased
risk.

---> Hostile attackers are expected and are usually internal, typically
not external attackers.

> Who controls the access control policy?

[A] Wide variance. Other servers typically regard departmental servers as
potentially hostile.
[B] Expected to fall under site-wide security policy, but is
likely managed as local departmental server and may have differing
policy control.

---> There is a wide variance in the ways access control
policies are formed.  Policies are expected to fall under a site-wide
security policy, but the server is likely managed as a local server and
may have differing policy control.  Other servers typically
regard departmental servers as potentially hostile, due to
occasional security policy mishandling on the part of departmental
server administration or local policy decisions.

> Any separation of duties for sys admin?

[A] Very rarely.
[B] System level admin, backup admin, file/print admin...these
 are typically all the same.  May find the file/print management 
can (and should?) be done by separate admin role (not system admin).


---> Separation of administrative duties such as file/print
administration might be needed, but in practice is rarely used.

> Is audit important, and what to audit?

[A] Audit? what's an audit ??
[B] Same as Edge Server.  May contain sensitive documents with 
restrictive ACLs whose access should be audited.

---> Security auditing is important for:
(1) system and application/service login attempts, both successful and
failed,
(2) security changes made by the system administrator or application
administrator,
(3) anything else important to the site policy; in particular,
Departmental Servers may contain sensitive documents with restrictive
ACLs whose access should be audited,
(4) IDS-style auditing of things like network traffic analysis, or
binary/configuration file checksum intrusion detection, the focus being
on internal attacks.

Note that although the above items are important to audit, local
policy makers or system administrators may not understand the
need for auditing or may not have an audit administrator.


-- 
Mary Edie Meredith
Initiative Manager
Open Source Development Labs
maryedie at hotmail.com
503-906-1942


