At a major bank that i've worked for in the past, each bank has a buddy bank, where you go to for stuff such as duplicate safe keys and a copy of safe-combinations.
Part of the dual control system requires that a two people sign the envolope (typically on the accross the flap and then taping over the signatures) before storing it in the buddy safe. Two people open the safe at the buddy safe, close it, and one person (management) is allowed to view/use the paper inside. After it's use, the combo is agained dual-controled sealed and again, two people to open the buddy safe and put it back. To get to the envelope, two people. They verify the envelope before removing it, with the two person signature. If there is ever a doubt as to the signatures, we looked at logs and talked to the people who signed it last. On 19 Dec 2001 17:03:58 -0600, Bonner, Jon wrote: > How do you ensure that it is the proper envelope? What I mean is, what's to > stop someone from opening the envelope and gaining the passwords, and then > resealing the passwords in a duplicate envelope? (Or have I read too many > Tom Clancy novels...) > > Jon Bonner > > -----Original Message----- > From: John Morris [mailto:[EMAIL PROTECTED]] > Sent: Monday, December 17, 2001 9:58 PM > To: gminick; security-basics > Subject: Re: Passwords On Paper > > > 6. All the important (router/server/firewall/switch/other) passwords are > stored in a fireproof safe in a sealed envelope, in the event of a > sysadmin's death/???. > When passwords are changed, so is the envelope, in addition to first being > verified as being the correct ones (some people use passwords as a job > security measure, which is lame).
