General discussion

Admin Rights for IT Security

By Bob in Calgary

Just a general question. Should IT security personnel have full admin access rights to email servers, file servers, desktops, etc.?

Depends

by BFilmFan In reply to Admin Rights for IT Secur ...

It all depends on the company policy and applicable laws and regulations.

Should security personnel be able to get access to anything if needed? Oh yes.

Not necessarily

by JamesRL In reply to Admin Rights for IT Secur ...

In most of the places I have been - someone - manager of IT security or whatever, has to ask for permission to have rights to something specific. There was no blanket authorization, no fishing expeditions. If there was bad behaviour suspected, there was a meeting with HR and the person's manager and IT security. If they all agreed, then the IT security person assigned would have rights to that "suspect"'s information.

It works well in my estimation.

James

back to legalities

by gadgetgirl In reply to Admin Rights for IT Secur ...

Bob,

According to UK and EU laws etc. over here, the security personnel shouldn't be doing monitoring etc. on their own in the first place. Everything should be done in tandem with a witness - better strength for a court case, and also back-watches both members of the security personnel.

Personally, I have minimum admin rights, purely because I'm the one who has to sort the chaff out of the admin mailbox. Wouldn't want to do anything else in case I inadvertently corrupted evidence.

I suppose it depends on not only what they want to do, but how technically capable they are of doing it in the first place. Should they inadvertently access the wrong thing, there goes the protection for your chain of evidence!

Hope this helps

GG

Yes and No

by Scribe6 In reply to Admin Rights for IT Secur ...

If your primary job is to make sure the Exchange server is running, then you should have Exchange and Server admin rights.

If your primary job is to make sure the desktops work right, then no, you shouldn't have admin rights to the servers.

I think it also depends upon the size of the IT shop you're in. I'm in a 2 man shop for a distributor/e-tailer, and both of us have full admin access across our domain, so we can both get different things done at the same time.

If I was in a larger shop, I wouldn't expect to have full admin rights across the domain. I would only expect whatever rights I needed to take care of my primary responsibilities.

Who protects the enterprise from the network administrator?

by Praetorpal In reply to Admin Rights for IT Secur ...

This question stems from a serious lack of understanding of IT security that generally prevails in the IT and corporate world.

IT security is not just freedom from spyware, viruses and external crackers.

The biggest and most costly cyberbreach is the inside job, and most enterprises resort to some kind of cub scout promise, or prayer, and hope that their employees are honest, including the superuser. But how do you protect against a disgruntled admin or employee with authorization deliberately sabotaging systems or data? Or selling trade secrets? (Everyone has a price, it is just higher for some than others).

The CSO and those under him are ultimately responsible for data integrity and assurance, and as such must be able to access anything they need to do their job, and track down threats to the organization, even if they are its own employees.

The Rest of the IT staff

by SmilingSheep In reply to Who protects the enterpri ...

Applying this only to organizations that are big enough to support dedicated IT security personnel. In smaller companies the SysAdmin is sometimes the CSO as well.

JamesRL has it right with the authorization idea. Security personnel should not by default be given carte blanche access to the data. The request must be specific and documented. Also, security personnel who are not 'in the loop' of the specifics of a system may break it while 'scanning the logs.' Dedicated security personnel should not be given admin rights to a server.

Combatting the inside job is a matter of checks and balances. Again, in a larger company, duties should be redundant enough to allow for the untimely loss of a staff member. Giving a single person the right to police themself without accountability is a recipe for ... well, a lot of bad things. Two staff should have access to the monitoring logs and they should both be checking it regularly. Then at least the two would have to agree to espionage before proceeding.

As a security analyst for my company, I work outside the production server environment. IDS/IPS, firewalls, etc. are not the job of the SysAdmin. I have logs shipped to a dedicated security server from the production servers for analysis, and from those I can determine changes I'd like to see in the system. I work with the SysAdmins to ensure the availability and integrity of the data.
