Code Project - The Lounge

Securing the IT operations of a company

Category: The Lounge
Tags: database, sysadmin, java, postgresql, linux
16 Posts, 7 Posters
Peter Adam wrote:

Systems mostly on CentOS, mostly Java applications, mostly PostgreSQL databases. Compliance requires infrastructure operations, application operations and computer operations to be separated. This means that an infrastructure operator can su to become root on a server, an app operator can su to become root on a database and has some su rights to keep the apps running, and a computer operator is a lesser mix of the two. The root password and some high-priority passwords are managed by Password Manager Pro, released after a four-eye check, and changed by PMP after use. But this is not enough. Looks like the good old four-eyes rule is required. Is there a solution to restrict OS/DB to require the consent of two people to execute something with raised privileges? Like launching a nuke-tipped missile with two keys.

#4 raddevus wrote:

Peter Adam wrote:

Is there a solution to restrict OS/DB to require the consent of two people to execute something with raised privileges? Like launching a nuke-tipped missile with two keys

This is an interesting idea. It's almost the idea of two-factor but with an additional check that the person with the 2nd factor is not the same person who attempted the login. So Op1 attempts to log in. Op2 gets a 2-factor notification on her phone and has to accept.
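The control Peter Adam asks for and raddevus sketches (a raised-privilege action goes ahead only when a second, different person has approved it) comes down to a small set of checks at the point where the action is dispatched. The following is an added illustration, not code from the thread or from Password Manager Pro: the role names, the 300-second approval window and the sample commands are constructed assumptions, and the gate only decides allow/deny and records an audit line; it does not execute anything itself.

```python
"""Illustrative two-person ("four-eyes") gate for privileged commands.

Added example, not code from the thread or from Password Manager Pro.
The operator/approver names, the 300 s window and the sample commands are
constructed assumptions for the demo. The gate decides and logs; a caller
would only hand the command to sudo/su after authorize() returns True.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

APPROVAL_WINDOW_S = 300  # assumption: an approval is usable for five minutes


@dataclass(frozen=True)
class Request:
    requester: str
    command: str
    issued_at: int  # seconds since epoch, passed in so the demo is deterministic
    nonce: str = field(default_factory=lambda: secrets.token_hex(8))

    @property
    def id(self) -> str:
        # Binds an approval to this exact requester, command and nonce, so an
        # approval granted for one command cannot be transplanted onto another.
        material = f"{self.requester}\0{self.command}\0{self.issued_at}\0{self.nonce}"
        return hashlib.sha256(material.encode()).hexdigest()


@dataclass(frozen=True)
class Approval:
    approver: str
    request_id: str
    approved_at: int


class FourEyesGate:
    def __init__(self, operators: set[str], approvers: set[str]):
        self.operators = set(operators)
        self.approvers = set(approvers)
        self._consumed: set[str] = set()  # single use: one approval, one execution
        self.audit: list[str] = []

    def authorize(self, req: Request, approval: Approval, now: int) -> tuple[bool, str]:
        checks = [
            (req.requester in self.operators, "requester is not an authorized operator"),
            (approval.approver in self.approvers, "approver is not an authorized approver"),
            (approval.approver != req.requester, "self-approval is not allowed"),
            (hmac.compare_digest(approval.request_id, req.id), "approval is for a different request"),
            (approval.approved_at >= req.issued_at, "approval predates the request"),
            (now - approval.approved_at <= APPROVAL_WINDOW_S, "approval has expired"),
            (req.id not in self._consumed, "approval already used"),
        ]
        for ok, reason in checks:
            if not ok:
                self.audit.append(f"DENY {req.requester} '{req.command}' by {approval.approver}: {reason}")
                return False, reason
        self._consumed.add(req.id)
        self.audit.append(f"ALLOW {req.requester} '{req.command}' approved by {approval.approver}")
        return True, "approved"


def demo() -> dict[str, bool]:
    """Walk the gate through the cases a reviewer would want to see refused."""
    gate = FourEyesGate(operators={"op1", "op2"}, approvers={"op1", "op2", "lead"})
    req = Request(requester="op1", command="sudo systemctl restart postgresql", issued_at=1000)
    results = {}
    # The requester approving their own request: refused (the whole point of four eyes).
    results["self_approval"] = gate.authorize(req, Approval("op1", req.id, 1001), now=1002)[0]
    # A second operator approves inside the window: allowed.
    results["second_person"] = gate.authorize(req, Approval("op2", req.id, 1001), now=1002)[0]
    # Replaying the same approval for a second execution: refused.
    results["replay"] = gate.authorize(req, Approval("op2", req.id, 1001), now=1003)[0]
    # An approval issued for one command presented with a different command: refused.
    other = Request(requester="op1", command="sudo systemctl stop postgresql", issued_at=1000)
    results["wrong_command"] = gate.authorize(other, Approval("op2", req.id, 1001), now=1002)[0]
    # An approval older than the window: refused.
    late = Request(requester="op2", command="sudo su - postgres", issued_at=2000)
    results["expired"] = gate.authorize(
        late, Approval("lead", late.id, 2001), now=2001 + APPROVAL_WINDOW_S + 1
    )[0]
    return results
```

The single-use and time-window checks are what keep the control honest in practice: without them an approval collected once becomes a standing pass, which is the same weakness the thread later describes with shared half-passwords. The `audit` list is the record you would forward to a log collector so that the four-eyes decision is reconstructible after the fact.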
Peter Adam wrote:

Systems mostly on CentOS, mostly Java applications, mostly PostgreSQL databases. Compliance requires infrastructure operations, application operations and computer operations to be separated. This means that an infrastructure operator can su to become root on a server, an app operator can su to become root on a database and has some su rights to keep the apps running, and a computer operator is a lesser mix of the two. The root password and some high-priority passwords are managed by Password Manager Pro, released after a four-eye check, and changed by PMP after use. But this is not enough. Looks like the good old four-eyes rule is required. Is there a solution to restrict OS/DB to require the consent of two people to execute something with raised privileges? Like launching a nuke-tipped missile with two keys.

#5 Mycroft Holmes wrote:

We had 2 people with half the password each, then they needed backup for leave/sick events. This naturally was a complete PITA when SA access was required and that invariably occurred when you could not locate both halves of the password. So it became a team of people for each half password at which point the entire thing became a farce.

Never underestimate the power of human stupidity - RAH
I'm old. I know stuff - JSOP
raddevus wrote:

Eddy Vluggen wrote:

We call it "common sense", as you would.

Though, of course, "common sense" is an illusion. :rolleyes: EDIT: Came back to say: The illusion is shattered the instant anything goes wrong and managers become involved. After that it's all just finger-pointing.

#6 Lost User wrote:

raddevus wrote:

The illusion is shattered the instant anything goes wrong and managers become involved

Managers being famous for not having common sense.

raddevus wrote:

After that it's all just finger-pointing

If you're a manager, yes. All others keep records.

raddevus wrote:

Though, of course, "common sense" is an illusion. :rolleyes:

We just call them Americans :D

Bastard Programmer from Hell :suss: "If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
raddevus wrote:

Eddy Vluggen wrote:

We call it "common sense", as you would.

Though, of course, "common sense" is an illusion. :rolleyes: EDIT: Came back to say: The illusion is shattered the instant anything goes wrong and managers become involved. After that it's all just finger-pointing.

#7 Lost User wrote:

raddevus wrote:

The illusion is shattered the instant anything goes wrong and managers become involved. After that it's all just finger-pointing.

That's after it's facked up and become a Hollywood movie. Common sense says not to be an American. Ehr.. I meant, "before you fack up". Nearly the same.

Bastard Programmer from Hell :suss: "If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
Lost User wrote:

Peter Adam wrote:

Is there a solution to restrict OS/DB to require the consent of two people to execute something with raised privileges? Like launching a nuke-tipped missile with two keys.

Yes. We call it "common sense", as you would.

#8 Peter Adam wrote:

There is no common sense nor trust when the daily amount of just the change money is measured in 1E3 €s...
Peter Adam wrote:

There is no common sense nor trust when the daily amount of just the change money is measured in 1E3 €s...

#9 Lost User wrote:

Only if you trust $. Those that do have trouble with intrinsic value. The paper, EU or US, has none. More debt in those currencies being created, to "save the economy". ha :D

Bastard Programmer from Hell :suss: "If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
Mycroft Holmes wrote:

We had 2 people with half the password each, then they needed backup for leave/sick events. This naturally was a complete PITA when SA access was required and that invariably occurred when you could not locate both halves of the password. So it became a team of people for each half password at which point the entire thing became a farce.

#10 Peter_in_2780 wrote:

Back in the mid 1980s, very early days of EFT, I was involved in setting up the crypto infrastructure for a major independent player. Before the days of Diffie-Hellman etc., there was a requirement for link master keys (typically 2 x 56-bit DES for EDE) to be manually entered in the other party's crypto box. At least half of the big 4 banks just gave the left and right halves of each key to different people. ... Oh nice. I've got one half. I only need to try about 2^28 possibilities (which was just about feasible in those days) to crack the whole thing. They got all s*itty when we insisted on three full-length components to be entered separately, and XORed inside our secure box to make the actual key. Reason for 3 not 2? So there is no leakage through the parity bits in the key. Each component can be odd parity, like the final key. Drove them nuts, but afaik it was never compromised during the 15+ year lifetime of that system. By the time the successor system was implemented, the whole crypto (and comms) landscape had shifted. Cheers from an(other) old fart, Peter

Software rusts. Simon Stephenson, ca 1994. So does this signature. me, 2012
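Peter_in_2780's two points (a half-key holder is left with only 2^28 candidates, while the holder of one XOR component learns nothing, and three odd-parity components recombine to an odd-parity key where two cannot) can be checked with plain byte arithmetic. The example below is added here and is not code from the thread or from the system he describes; the sample keys are constructed at random, DES itself is never invoked, only the 56-bit key length and odd-parity convention it imposes. It also generalises his "3 not 2" observation: the recombined key has odd parity exactly when the number of odd-parity components is odd.

```python
"""Key-component arithmetic behind the half-key vs. XOR-component argument.

Added example, not code from the thread. Keys are constructed at random;
DES is not used, only its 8-byte key layout (7 key bits + 1 parity bit per
byte, odd parity) and 56-bit effective key length.
"""
import secrets

DES_KEY_BYTES = 8
KEY_BITS_PER_BYTE = 7          # the low bit of each byte is a parity bit
DES_KEY_BITS = DES_KEY_BYTES * KEY_BITS_PER_BYTE  # 56


def odd_parity_byte(b: int) -> int:
    """Set the low (parity) bit so that the byte has an odd number of 1 bits."""
    seven = b & 0xFE
    return seven | (0 if bin(seven).count("1") % 2 else 1)


def has_odd_parity(key: bytes) -> bool:
    return all(bin(b).count("1") % 2 == 1 for b in key)


def random_des_key() -> bytes:
    return bytes(odd_parity_byte(b) for b in secrets.token_bytes(DES_KEY_BYTES))


def xor_bytes(*parts: bytes) -> bytes:
    out = bytes(DES_KEY_BYTES)
    for p in parts:
        out = bytes(a ^ b for a, b in zip(out, p))
    return out


def remaining_search_space(total_key_bits: int, known_bits: int) -> int:
    """Candidates left for someone who already knows known_bits of the key."""
    return 2 ** (total_key_bits - known_bits)


def split_in_halves(key: bytes) -> tuple[bytes, bytes]:
    """The scheme the banks used: left and right 4 bytes to different people."""
    return key[:4], key[4:]


def split_into_components(key: bytes, n: int) -> list[bytes]:
    """XOR split: n-1 random odd-parity components plus whatever completes the key.

    The last component is key XOR (all the others); its parity is odd only when
    n is odd, because odd XOR odd is even and odd XOR even is odd per byte.
    """
    if n < 2:
        raise ValueError("need at least two components")
    comps = [random_des_key() for _ in range(n - 1)]
    comps.append(xor_bytes(key, *comps))
    return comps


def demo() -> dict:
    key = random_des_key()
    left, right = split_in_halves(key)
    known_by_half_holder = len(left) * KEY_BITS_PER_BYTE  # 28 key bits
    by_count = {}
    for n in (2, 3, 4, 5):
        comps = split_into_components(key, n)
        by_count[n] = all(has_odd_parity(c) for c in comps)
    three = split_into_components(key, 3)
    return {
        "key_has_odd_parity": has_odd_parity(key),
        "half_holder_remaining": remaining_search_space(DES_KEY_BITS, known_by_half_holder),
        # One component of a uniform XOR split is independent of the key: nothing learned.
        "component_holder_remaining": remaining_search_space(DES_KEY_BITS, 0),
        "odd_parity_by_component_count": by_count,
        "recombine_ok": xor_bytes(*three) == key,
    }
```

The parity result is what forced the "3 not 2" rule: a box that validates every entered component as a proper odd-parity DES key cannot accept a two-component split of an odd-parity key, because the second component is necessarily even parity. Splitting into halves, by contrast, hands each custodian 28 of the 56 key bits outright, which is where the 2^28 figure in the post comes from.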
Lost User wrote:

Only if you trust $. Those that do have trouble with intrinsic value. The paper, EU or US, has none. More debt in those currencies being created, to "save the economy". ha :D

#11 Greg Utas wrote:

Much like "We had to destroy the village to save it."

Robust Services Core | Software Techniques for Lemmings | Articles
The fox knows many things, but the hedgehog knows one big thing.
Peter Adam wrote:

Systems mostly on CentOS, mostly Java applications, mostly PostgreSQL databases. Compliance requires infrastructure operations, application operations and computer operations to be separated. This means that an infrastructure operator can su to become root on a server, an app operator can su to become root on a database and has some su rights to keep the apps running, and a computer operator is a lesser mix of the two. The root password and some high-priority passwords are managed by Password Manager Pro, released after a four-eye check, and changed by PMP after use. But this is not enough. Looks like the good old four-eyes rule is required. Is there a solution to restrict OS/DB to require the consent of two people to execute something with raised privileges? Like launching a nuke-tipped missile with two keys.

#12 AnotherKen wrote:

I recall that MS SQL can be set up with privileges like that out of the box; if that wasn't possible you would just have to get some decent programmer(s) to write your database authorization code for you. This can be done by having users log into the auth server before they can access the database. Of course then you have to consider how that system could potentially be compromised to gain unauthorized access to the database.
Lost User wrote:

Only if you trust $. Those that do have trouble with intrinsic value. The paper, EU or US, has none. More debt in those currencies being created, to "save the economy". ha :D

#13 Peter Adam wrote:

Are you married?
Peter Adam wrote:

Are you married?

#14 Lost User wrote:

I have been. Only once, of course; one doesn't keep making the same errors. So. I have to say no to your proposal :D

Bastard Programmer from Hell :suss: "If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
Lost User wrote:

I have been. Only once, of course; one doesn't keep making the same errors. So. I have to say no to your proposal :D

#15 Peter Adam wrote:

How many people stood there to watch and testify that you both said "Yes"? Was it about $?
Peter Adam wrote:

How many people stood there to watch and testify that you both said "Yes"? Was it about $?

#16 Lost User wrote:

You pissed me off with your question.

Peter Adam wrote:

How many people stood there to watch and testify that you both said "Yes"?

Without parents, just two. Of those two, she facked one. Will not make that mistake again.

Bastard Programmer from Hell :suss: "If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.