Friday, April 22, 2005

Trusting Privileged Users

A new article on SecurityFocus talks about how two insiders inappropriately used their access to databases to get information they had no business retrieving. Both did so for purely personal reasons.

From a security perspective, this is always an issue. At some point you're going to have to trust a privileged few users. For instance, what's to stop the mail administrator from sending out an email as the CEO? What's to stop an administrator from resetting a password to gain unauthorized access to a set of files? In some cases audit trails are effective. Hence the reason we put them into place. However, technology only takes us so far. For instance, a best practice is to send security events to a separate system in the event a particular server gets compromised. However, if an insider knows what system has the backup logs, that person can overcome this security measure.

Unfortunately, there's no easy answer on this one. Background checks, thorough interviews, careful review of audit logs, multiple people in the process to get to sensitive data - all of these help protect an organization. But none of these are 100% foolproof. It's a sad but true fact of life.


Post a Comment

Links to this post:

Create a Link

<< Home