[Intrusions] Requested opinions on Access.

Hal hmarshal at magreenwood.com
Thu Nov 11 22:46:22 GMT 2004 

Mark,
With the limited info. available, on one hand I would have to say that if a
DBA simply could not do their job without legitimate access to root, then so
be it with stipulations provided. If it would just make their job easier or
such, it better be a very compelling business reason, and it would certainly
be monitored if authorized. Otherwise forget it. I prefer to give only the
access required for someone to successfully do their job. I agree also with
other postings, running a crack would absolutely be grounds for dismissal,
at least. But as also stated, that goes back to policy, or lack of. Given
that the personnel are engaged in cracking activity to begin with, I would
certainly harbor doubts regarding their trust/responsibility with that level
of access. Whats your customer data worth? Whats the potential payoff or
business loss if they had root? Request denied. Good luck with it.

Hal Marshall, IT Manager
Greenwood & Associates, Inc.
Fayetteville, AR 72701
479.521.5353


-----Original Message-----
From: Wilson, Mark [mailto:wilsonm at emwd.org]
Sent: Wednesday, November 10, 2004 9:42 AM
To: intrusions at lists.sans.org
Subject: [Intrusions] Requested opinions on Access.


Ladies and Gentlemen;

I have an issue with our Data Base Admins (DBA's) wanting the root passwords
for their workstations.  We had just recently a DBA run a crack against a
shadow file and move the shadow file from one of the Unix machines to a PC.

We staff separate Systems Administrators that normally admin these
workstations, and I have a "symbiotic" relation on security issues with our
SA's and trust them to perform necessary updates.

Obvious issues aside, I would really like to hear about policies and issues
that others have in relation to DBA's having root access.
These DBA's support our Oracle Financials. (ehhh shiver up my spine) that
hold all our customer financial information.

I would really appreciate responses to this since it has become a very
touchy issue and I'm getting stuck in the middle being the Security person.

Thanks.



Mark Wilson
Communications Analyst / IT Security
Eastern Municipal Water District
2270 Trumble Rd.
Perris Ca.  92572
951.928.3777.4544
www.emwd.org

_______________________________________________
Intrusions mailing list
Intrusions at lists.sans.org
http://www.dshield.org/mailman/listinfo/intrusions

More information about the Intrusions mailing list