I think the issue of why management doesn't want IT to have access/manage to the server needs to be answered. If it were me, I'd ask them point-blank if they trust me, and if they don't, why am I their network admin/security guy/whatever the case may be. But that's me. ;)
On Fri, May 23, 2008 at 6:00 PM, <[EMAIL PROTECTED]> wrote: > On Fri, 23 May 2008 14:26:07 PDT, Daniel Sichel said: > >> Thank you to all who responded to my request for how to deal with a non >> secure server. Responses ranged from lol witty to incisive. I will >> definitely be asking the general manager for a key to his house and I >> will be requiring a release from liability in writing. It was very >> helpful, thank you all again. > > Just keep in mind, that *sometimes* you *do* want to give people a key to > the house/office/etc - for instance, if you're going on vacation, you'll > likely want to give a key to whoever is petsitting for you. > > The important question is *why* is said person getting access, what the > risks and benefits are, and if there's other ways to achieve the goal (for > instance, you may not need to have somebody stop by to feed your fish if > one of those 7-day feeder blocks will work)... > > When I suggested "Ask him if he'd give people keys to the office", the > *expected* response is "But the cleaning crews have keys.." or similar - which > lets you get the *discussion* going of who has what access and why... > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
