[Security_sig] Re: Departmental questions resolution...

Chris Wright chrisw at osdl.org
Fri Aug 12 11:49:25 PDT 2005


[bounced by Chris Wright, went to wrong list addr]

* Philip Peake (philip at vogon.net) wrote:
> Some of these answers will depend on who you talk to, what industry, and
> corporate culture, so some variance is to be expected.
> 
> The real answer here is to get input from more than two people, but if
> this is all you have to work from...

I agree (although for sake of proper acknowledgement, I should note,
those minutes include input from Matt and Emily during the sig call).

> > The responses for departmental server questions were different enough
> > that I'd like to review my conclusions here before posting the use case:
> >
> > Comments [A] and [B]
> > Resulting language --->
> >
> >> Departmental Server:
> >> Are hostile attackers expected?
> >
> > [A] Yes.
> > [B] Traditionally answer is no, but hostile insider is an increased
> > risk.
> >
> > ---> Hostile attackers are expected and are usually internal, typically
> > not external attackers.
> 
> Yes.

Agreed.

> >> Who controls the access control policy?
> >
> > [A] Wide variance. Other servers typically regard departmental servers as
> > potentially hostile.
> > [B] Expected to fall under site-wide security policy, but is
> > likely managed as local departmental server and may have differing
> > policy control.
> >
> > ---> There is a wide variance in the ways access control
> > policies are formed.  Policies are expected to fall under a site-wide
> > security policy, but is likely managed as a local server and
> > may have differing policy control.  Other servers typically
> > regard departmental servers as potentially hostile, due to
> > occasional security policy mishandling on the part of departmental
> > server administration or local policy decisions.
> 
> Yes ... much depends upon the strength/influence of the corporate security
> group.

Agreed.

> >> Any separation of duties for sys admin?
> >
> > [A] Very rarely.
> > [B] System level admin, backup admin, file/print admin...these
> >  are typically all the same.  May find the file/print management
> > can (and should?) be done by separate admin role (not system admin).
> >
> >
> > ---> Separation of administrative duties such as file/print
> > administration might be needed, but in practice is rarely used.
> 
> Yes.

Agreed.

> >> Is audit important, and what to audit?
> >
> > [A] Audit? what's an audit ??
> > [B] Same as Edge Server.  May contain sensitive documents with
> > restrictive ACLs whose access should be audited.
> >
> > ---> Security auditing is important for:
> > (1) system and application/service login attempts, both successful and
> > failed,
> > (2) security changes made by the system administrator or application
> > administrator,
> > (3) anything else important to the site policy, in particular,
> > Departmental Servers may contain sensitive documents with restrictive
> > ACLs whose access should be audited.
> > (4) IDS style auditing of things like network traffic analysis, or
> > binary/configuration file checksum intrusion detection, the focus being
> > on internal attacks,

s/internal/external/ I think (we're talking about remote traffic here)

> > Note, that although the above items are important to audit, local
> > policy makers or system administrators may not understand the
> > need for auditing or may not have an audit administrator.
> 
> Yes ... but ... much depends upon the sensitivity of the information
> present on, or processed by the server. Highly sensitive data-handling
> servers require much more monitoring/auditing than a server used for
> general purpose work.
> 
> "Departmental server" covers a wide range of uses.
> Most will not require extraordinary monitoring. An NSA departmental server
> may, for example.
> 
> No simple, short answer to this.

Again, agreed.

thanks,
-chris


