[Intrusions] Requested opinions on Access.

Joel Esler esler at knology.net
Thu Nov 11 17:36:26 GMT 2004


IMO, always practice the theory of "least privileged access": give them 
the access they need.  If they need root, give them root, but let them 
know that their machine is subject to being wiped at any time.

My 0.02

Joel


On Nov 10, 2004, at 10:41, Wilson, Mark wrote:

> Ladies and Gentlemen;
>
> I have an issue with our Database Admins (DBAs) wanting the root 
> passwords for their workstations.  We just recently had a DBA run a 
> crack against a shadow file and move the shadow file from one of the 
> Unix machines to a PC.
>
> We staff separate Systems Administrators that normally admin these 
> workstations, and I have a "symbiotic" relation on security issues 
> with our SAs and trust them to perform necessary updates.
>
> Obvious issues aside, I would really like to hear about policies and 
> issues that others have in relation to DBAs having root access.
> These DBAs support our Oracle Financials (ehhh, shiver up my spine) 
> that hold all our customer financial information.
>
> I would really appreciate responses to this since it has become a very 
> touchy issue and I'm getting stuck in the middle being the Security 
> person.
>
> Thanks.
>
>
>
> Mark Wilson
> Communications Analyst / IT Security
> Eastern Municipal Water District
> 2270 Trumble Rd.
> Perris Ca.  92572
> 951.928.3777.4544
> www.emwd.org
>



