However, there’s no way around it – IT staff cannot effectively do their job without admin authority, and many operating systems, databases and applications lack granularity in their admin authority model.
In this webinar I will show that, after due diligence in the hiring process, there are no effective preventive controls against malicious or coerced actions by such sysadmins. The only deterrent/detective control available is a high-integrity audit trail. But just deploying a log management solution does not ensure a “high integrity” audit trail safe from tampering by the very sysadmins it is designed to monitor and audit.
I will explain the special requirements that must be met to ensure a “high integrity” audit log that can be used as a way to address the risk of unlimited admin authority. We will address issues including:
- Physical and network separation between systems monitored and log management solutions
- Preserving access to log data for administrators without exposing the log data to tampering or deletion
- Not burdening information security staff with administration of operating systems and databases they aren’t trained for
You can apply the tips and requirements I provide in this webinar to any type of log management solution, but you will be interested to see the unique ways that Alert Logic’s on-demand log management solution helps you meet the special requirements of preserving a high-integrity audit trail safe from tampering by those with admin authority.
Title: When Good Admins Go Bad: The Critical Need for Log Management as a Deterrent/Detective Control
Date: Tue, Feb 24, 2009 2:00 PM
This is real training.
Thanks as always for reading and best wishes on security,
Randy Franklin Smith
Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2008 Monterey Technology Group, All rights reserved. You may forward this email in its entirety but all other rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.