[Security_sig] Re: Departmental questions resolution...

Philip Peake philip at vogon.net
Fri Aug 12 11:48:46 PDT 2005


[bounced by Chris Wright, went to wrong list addr]

Some of these answers will depend on who you talk to, what industry, and
corporate culture, so some variance is to be expected.

The real answer here is to get input from more than two people, but if
this is all you have to work from...

> The responses for departmental server questions were different enough
> that I'd like to review my conclusions here before posting the use case:
>
> Comments [A] and [B]
> Resulting language --->
>
>> Departmental Server:
>> Are hostile attackers expected?
>
> [A} Yes.
> [B] Traditionally answer is no, but hostile insider is an increased
> risk.
>
> ---> Hostile attackers are expected and are usually internal, typically
> not external attackers.

Yes.

>
>> Who controls the access control policy?
>
> [A]Wide variance. Other servers typically regard departmental servers as
> potentially hostile.
> [B]Expected to fall under site-wide security policy, but is
> likely managed as local departmental server and may have differing
> policy control.
>
> ---> There is a wide variance in the ways access control
> policies are formed.  Policies are expected to fall under a site-wide
> security policy, but is likely managed as a local server and
> may have differing policy control.  Other servers typically
> regard departmental servers as potentially hostile, due to
> occasional security policy mishandling on the part of departmental
> server administration or local policy decisions.

Yes ... much depends upon the strength/influence of the corporate security
group.

>
>> Any separation of duties for sys admin?
>
> [A] Very rarely.
> [B] System level admin, backup admin, file/print admin...these
>  are typically all the same.  May find the file/print management
> can (and should?) be done by separate admin role (not system admin).
>
>
> --->Separation of administrative duties such as file/print
> administration might be needed, but in practice is rarely used.

Yes.

>
>> Is audit important, and what to audit?
>
> [A] Audit? what's an audit ??
> [B] Same as Edge Server.  May contain sensitive documents with
> restrictive ACLs whose access should be audited.
>
> --->Security auditing is important for:
> (1) system and application/service login attempts, both successful and
> failed,
> (2) security changes made by the system administrator or application
> administrator,
> (3) anything else important to the site policy, in particular,
> Departmental Servers may contain sensitive documents with restrictive
> ACLs whose access should be audited.
> (4) IDS style auditing of things like network traffic analysis, or
> binary/configuration file checksum intrusion detection, the focus being
> on internal attacks,
>
> Note, that although the above items are important to audit, local
> policy makers or system administrators may not understand the
> need for auditing or may not have an audit administrator.

Yes ... but ... much depends upon the sensitivity of the information
present on, or processed by the server. Highly sensitive data-handling
servers require much more monitoring/auditing than a server used for
general purpose work.

"Departmental server" covers a wide range of uses.
Most will not require extraordinary monitoring. An NSA departmental server
may, for example.

No simple, short answer to this.
>
>
> --
> Mary Edie Meredith
> Initiative Manager
> Open Source Development Labs
> maryedie at hotmail.com
> 503-906-1942
>




More information about the security_sig mailing list