lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <fec013240805231728g40cd7a4ek1661b7b79fece1d5@mail.gmail.com>
Date: Fri, 23 May 2008 20:28:19 -0400
From: "Micheal Cottingham" <techie.micheal@...il.com>
To: full-disclosure@...ts.grok.org.uk
Cc: Daniel Sichel <daniels@...derosatel.com>
Subject: Re: Thank you for help with management.

I think the issue of why management doesn't want IT to have
access/manage to the server needs to be answered. If it were me, I'd
ask them point-blank if they trust me, and if they don't, why am I
their network admin/security guy/whatever the case may be. But that's
me. ;)

On Fri, May 23, 2008 at 6:00 PM,  <Valdis.Kletnieks@...edu> wrote:
> On Fri, 23 May 2008 14:26:07 PDT, Daniel Sichel said:
>
>> Thank you to all who responded to my request for how to deal with a non
>> secure server. Responses ranged from lol witty to incisive. I will
>> definitely be asking the general manager for a  key to  his house and I
>> will be requiring a release from liability in writing.  It was very
>> helpful, thank you all again.
>
> Just keep in mind, that *sometimes* you *do* want to give people a key to
> the house/office/etc - for instance, if you're going on vacation, you'll
> likely want to give a key to whoever is petsitting for you.
>
> The important question is *why* is said person getting access, what the
> risks and benefits are, and if there's other ways to achieve the goal (for
> instance, you may not need to have somebody stop by to feed your fish if
> one of those 7-day feeder blocks will work)...
>
> When I suggested "Ask him if he'd give people keys to the office", the
> *expected* response is "But the cleaning crews have keys.." or similar - which
> lets you get the *discussion* going of who has what access and why...
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ