April 23, 2010 at 9:43 am
webrunner (4/23/2010)
K. Brian Kelley (4/22/2010)
It can't be done. Here's why...If I have admin rights on a server, I have debugging rights. If I have debugging rights, I can see the memory and I can break in to processes. Therefore, if I have admin rights on the server where the data is being encrypted, I can see the data unencrypted. Likewise, if I have admin rights on a system where the data can be viewed unencrypted... like the HR workstation, I can see the data unencrypted. This all may make it more challenging for me, but it doesn't stop me. They did consider the fact that the workstation admins have control over the HR systems, right?
Can all of this be done while also defeating any auditing? It seems to me from dipping into this thread that heavy auditing would handle most of the cases where a DBA is trusted to the data, and even cases where attempts are made to encrypt the data from a DBA who knows how to spy on the data anyway, but only if the auditing itself could not be tampered with. I'm curious if the scenario you describe above would be mitigated by having auditing in place that would allow a third party to detect the user issuing commands to view the memory or the unencrypted data.
I know that in most of these organizations, just knowing that the DBA was at fault would be small consolation if the data was stolen, but I'm just curious about it practically speaking - if a DBA with admin rights on one server can be successfully audited from another server where they don't have admin rights, then at least you have a likely deterrent and a very likely evidence trail should anything happen.
Thanks,
webrunner
You can audit that I attempted a local login to the server. But if I'm managing files, backups, etc., that's not unusual. You won't see an audit trail for me examining memory like that.
K. Brian Kelley
@kbriankelley
May 3, 2010 at 1:17 am
This is really interested, in my case, our HR cant even trust full IS team and the whole product is outsourced even though we tried our best to give all these options.
I was upset about the result, but bit relaxed to know that some of you are on same boat.
Cheers
May 3, 2010 at 7:11 am
Heh... some VERY interesting thoughts on this thread... particularly the idea of having a 3rd party doing the administration. I'v been through that several times. My question would be... what makes HR think that's any more of a secure thing to do? What makes HR think that having a outside consult be the only one with access is more secure? I'd submit that's even less secure. After all, who's watching the stranger going through your silverware drawer? :w00t:
When things like not having access to fix things are levied on me, I look at it as a blessing in disguise... I won't get any 2AM calls on the system because I don't have the access. If it gets broken into, I can guarantee that it wasn't my fault. Sure, I'll fight to make sure things are done correctly but if they forbid me access, then all I can hope is that the 3rd party does it correctly and I tell managment that I'm going to try to break in on occasion just to test.
Heh... think about it... not having admin privs in 3rd party inhouse systems isn't a fault... it's a bloody FEATURE. 😛
--Jeff Moden
Change is inevitable... Change for the better is not.
Viewing 3 posts - 16 through 17 (of 17 total)
You must be logged in to reply to this topic. Login to reply