[unisog] building a secure repository for sensitive information
Darden, Patrick S.
darden at armc.org
Mon Apr 5 12:36:18 GMT 2004
We have something here which we put together:
-compaq dx380 w raid 1+1, redundant power supplies, local backup drive
-rh linux 9, latest updates
-on our intranet, no internet exposure
-only two services turned on: SSL, SSH
-iptables turned on with strict rules to disallow all but ssl, ssh
We call it The Vault. As you can guess from the above, we have a completely
web-based interface. Every access is audited. We have three types of users:
superuser, admin, user. Superuser can add/subtract/edit all three types of
users. Admins can add/sub/ed all regular users. Users can edit some parts
of their profile. The profile consists of:
--last name, first name (unchangeable by user)
--username (unchangeable by user)
--validation question 1, 2, 3 (changeable)
--groups the account is a member of (unchangeable by user) (e.g.
internet, exchange groupware, rightfax, highdef, as400, etc.)
If a user forgets his/her username or password, they can check the vault.
If they want to change their password, they use the vault. Here's how it
works: User forgets username, accesses vault from bookmark, finds name, is
asked 3 questions that they have already put into their profile (e.g. what
is your grandmother's maiden name), and is told his/her username. Similar
procedures for other parameters of profile.
This also serves as our SSO system. We simply reimport the usernames and
passwords every 24 hours into all our disparate systems. We promise a 48
hour maximum turnaround to our users wherein they may have to use their old
or new password.
The application is actually very simple. The problem is implementation of
process and procedures--every system has different username and password
requirements, every system thinks they should be paramount, lots of egos
involved in different departments, lots of politics.
--ARMC Unix, Internet, Cisco, Firewall, Security, Intranet
From: Russell Fulton [mailto:r.fulton at auckland.ac.nz]
Sent: Monday, March 29, 2004 4:20 PM
To: unisog at sans.org
Subject: [unisog] building a secure repository for sensitive information
We are looking at revising the system we use for protecting things like
root passwords and making sure they are available in emergencies (when
the normal SA is on leave, their backup is sick and the other person who
might know is also out of town). For a start we would just use this for
our (central IT) own use but once the system was established we would
extend it so Faculties could also use it too.
Could also be used for storing crypto keys etc. Longer term it could
also be used as a CA for signing and escrowing keys.
Some desirable features of such a system are (in no particular order)
1. Maintain a strong audit trail of who accessed what and when.
2. the ability to attach various ad hoc information to stored items
(e.g. list of people who can be given the item and means of
identifying said people if they are not there 'in person')
3. quick and easy retrieval of information.
Item one really implies some sort of computer system since any manual
system relies on people filling in forms which is unreliable unless you
have a safe with two keys so you need two people to... anyway that
violates three above.
So we are looking at a PC which has had epoxy squeezed into the rj45
connector and an encrypted file system that would live in a physically
secure area (our operations room that is staffed 7x24x365).
Has anyone else put together something like this? Do you know of any
systems commercial or otherwise which provide these facilities?
Russell Fulton
Network Security Officer
The University of Auckland
New Zealand
(The ASCII Ribbon Campaign Against HTML Email!)
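Both posts describe the same shape of system: a role hierarchy (superuser over admin over user), items with an attached list of who may be given them and how to identify those people remotely, and an audit trail of every access. The following is an added example written for this archive page, not code from either poster or from either institution. It models that design in Python; all names, item labels and answers in it are constructed, and the validation answers are stored as salted PBKDF2 hashes rather than in the clear, which the thread does not specify.

```python
"""Toy model of the secret vault discussed in this thread (constructed
example, not the posters' code): role hierarchy, per-item authorized list,
hashed validation answers, and an append-only audit trail."""
import hashlib
import hmac
import secrets
from datetime import datetime, timezone

ROLE_RANK = {"superuser": 3, "admin": 2, "user": 1}

# Profile fields a regular user may change themselves (from the thread):
# the three validation questions. Name, username and groups are not.
USER_EDITABLE = {"question1", "question2", "question3"}


def can_manage(actor_role: str, target_role: str) -> bool:
    """Superuser manages every role; admins manage regular users only."""
    if actor_role == "superuser":
        return True
    return actor_role == "admin" and target_role == "user"


def can_edit_field(actor_role: str, field: str) -> bool:
    """Users may edit only their validation questions; admin/superuser any field."""
    if actor_role in ("admin", "superuser"):
        return True
    return field in USER_EDITABLE


def _hash_answer(answer: str, salt: bytes) -> bytes:
    # Normalise case and whitespace so a stray capital does not lock people out,
    # then hash with a per-user salt so answers never sit on disk in clear text.
    norm = " ".join(answer.strip().lower().split())
    return hashlib.pbkdf2_hmac("sha256", norm.encode(), salt, 100_000)


class Vault:
    def __init__(self):
        self.items = {}    # name -> {"secret", "authorized", "notes"}
        self.answers = {}  # username -> (salt, [hash1, hash2, hash3])
        self.audit = []    # append-only: (utc timestamp, actor, action, target, outcome)

    def _log(self, actor, action, target, outcome):
        stamp = datetime.now(timezone.utc).isoformat()
        self.audit.append((stamp, actor, action, target, outcome))

    def store(self, actor, actor_role, name, secret, authorized, notes=""):
        """Only admins/superusers add items. 'authorized' is the ad hoc list of
        people who may be given the item; 'notes' holds e.g. how to verify them."""
        if actor_role not in ("admin", "superuser"):
            self._log(actor, "store", name, "denied")
            return False
        self.items[name] = {"secret": secret, "authorized": set(authorized), "notes": notes}
        self._log(actor, "store", name, "ok")
        return True

    def retrieve(self, actor, name):
        """Every attempt is audited, whether or not it succeeds."""
        item = self.items.get(name)
        if item is None or actor not in item["authorized"]:
            self._log(actor, "retrieve", name, "denied")
            return None
        self._log(actor, "retrieve", name, "ok")
        return item["secret"]

    def enroll_answers(self, username, answers):
        """Store the three validation answers as salted hashes."""
        salt = secrets.token_bytes(16)
        self.answers[username] = (salt, [_hash_answer(a, salt) for a in answers])

    def verify_answers(self, username, answers):
        """All three answers must match; each comparison is constant-time."""
        rec = self.answers.get(username)
        if rec is None or len(answers) != 3:
            self._log(username, "verify", "profile", "denied")
            return False
        salt, stored = rec
        results = [hmac.compare_digest(_hash_answer(a, salt), h)
                   for a, h in zip(answers, stored)]
        ok = all(results)
        self._log(username, "verify", "profile", "ok" if ok else "denied")
        return ok
```

The audit list records denials as well as successes, which is what makes it useful for the "who accessed what and when" requirement: a run of denied retrievals against one item is visible without any extra tooling.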