[Security_sig] Departmental questions resolution...
Mary Edie Meredith
maryedie at osdl.org
Fri Aug 12 11:46:28 PDT 2005
[bounced by Chris Wright, went to wrong list addr]
The responses for departmental server questions were different enough
that I'd like to review my conclusions here before posting the use case:
Comments [A] and [B]
Resulting language --->
> Departmental Server:
> Are hostile attackers expected?
[B] Traditionally answer is no, but hostile insider is an increased
---> Hostile attackers are expected and are usually internal, typically
not external attackers.
> Who controls the access control policy?
[A]Wide variance. Other servers typically regard departmental servers as
[B]Expected to fall under site-wide security policy, but is
likely managed as local departmental server and may have differing
---> There is a wide variance in the ways access control
policies are formed. Policies are expected to fall under a site-wide
security policy, but is likely managed as a local server and
may have differing policy control. Other servers typically
regard departmental servers as potentially hostile, due to
occasional security policy mishandling on the part of departmental
server administration or local policy decisions.
> Any separation of duties for sys admin?
[A] Very rarely.
[B] System level admin, backup admin, file/print admin...these
are typically all the same. May find the file/print management
can (and should?) be done by separate admin role (not system admin).
--->Separation of administrative duties such as file/print
administration might be needed, but in practice is rarely used.
> Is audit important, and what to audit?
[A] Audit? what's an audit ??
[B] Same as Edge Server. May contain sensitive documents with
restrictive ACLs whose access should be audited.
--->Security auditing is important for:
(1) system and application/service login attempts, both successful and
(2) security changes made by the system administrator or application
(3) anything else important to the site policy, in particular,
Departmental Servers may contain sensitive documents with restrictive
ACLs whose access should be audited.
(4) IDS style auditing of things like network traffic analysis, or
binary/configuration file checksum intrusion detection, the focus being
on internal attacks,
Note, that although the above items are important to audit, local
policy makers or system administrators may not understand the
need for auditing or may not have an audit administrator.
Mary Edie Meredith
Open Source Development Labs
maryedie at hotmail.com
More information about the security_sig