building a secure repository for sensitive information
r.fulton at auckland.ac.nz
Mon Mar 29 21:20:08 GMT 2004
We are looking at revising the system we use for protecting things like
root passwords and making sure they are available in emergencies (when
the normal SA is on leave, their backup is sick and the other person who
might know is also out of town). For a start we would just use this for
our (central IT) own use but once the system was established we would
extend it so Faculties could also use it.

Could also be used for storing crypto keys etc. Longer term it could
also be used as a CA for signing and escrowing keys.
Some desirable features of such a system are (in no particular order):
1. Maintain a strong audit trail of who accessed what and when.
2. The ability to attach various ad hoc information to stored items
(e.g. list of people who can be given the item and means of
identifying said people if they are not there 'in person').
3. Quick and easy retrieval of information.
Item one really implies some sort of computer system since any manual
system relies on people filling in forms which is unreliable unless you
have a safe with two keys so you need two people to... anyway that
violates three above.
So we are looking at a PC which has had epoxy squeezed into the RJ45
connector and an encrypted file system that would live in a physically
secure area (our operations room that is staffed 7x24x365).
Has anyone else put together something like this? Do you know of any
systems commercial or otherwise which provide these facilities?
Russell Fulton                   /~\  The ASCII
Network Security Officer         \ /  Ribbon Campaign
The University of Auckland        X   Against HTML
New Zealand                      / \  Email!
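
Added example, not part of the original post or of any system the poster describes: one way to meet features 1 and 2 on the standalone PC, assuming a SHA-256 hash-chained audit log kept beside the stored items. All names (STORE, retrieve, verify) and the sample item are constructed for illustration.

```python
import hashlib, json, time

GENESIS = "0" * 64  # "previous digest" of the first record

# Constructed sample item: the secret plus the ad hoc details from feature 2.
STORE = {"root@mailhost": {
    "secret": "example-only-password",
    "authorised": ["alice", "bob"],
    "identify": "call back on the extension in the staff directory"}}

def _digest(entry):
    # Hash a canonical encoding of every field except the digest itself.
    body = {k: v for k, v in entry.items() if k != "digest"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append(log, who, item, action, now=None):
    """Append an audit record chained to the previous record's digest."""
    entry = {"ts": time.time() if now is None else now, "who": who,
             "item": item, "action": action,
             "prev": log[-1]["digest"] if log else GENESIS}
    entry["digest"] = _digest(entry)
    log.append(entry)
    return entry

def retrieve(store, log, item, operator, recipient):
    """Release a secret only to a listed recipient; log every attempt."""
    meta = store.get(item)
    allowed = meta is not None and recipient in meta["authorised"]
    verdict = "released to " if allowed else "DENIED for "
    append(log, operator, item, verdict + recipient)
    return meta["secret"] if allowed else None

def verify(log):
    """Return the index of the first record that breaks the chain, or -1."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["digest"] != _digest(entry):
            return i
        prev = entry["digest"]
    return -1

if __name__ == "__main__":
    log = []
    retrieve(STORE, log, "root@mailhost", "ops-shift-2", "alice")
    retrieve(STORE, log, "root@mailhost", "ops-shift-2", "mallory")
    print(verify(log), [e["action"] for e in log])
```

The chain only shows edits to someone holding a digest the editor could not rewrite, so the newest digest should be copied off the machine at each access (for example into the operations room's paper log); otherwise anyone with write access can recompute every record or drop the most recent ones.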