Tags

,


Very recently I observed a dilema of the IT security processes/ beliefs/ concept.

IT Security processes ensures maximum availability of IT facilities, and protects you practically. This is highly useful and hence mandatory to have proper IT Security process Exists and being followed inside any business.

One of such IT security processes are, to keep Administrator/Sysadmin/root password in a sealed envelop, obviously in definitive media library (DML). There is another concept which says such passwords must be known to only one who will use and be responsible for use such super user accounts. Now let us consider a situation where your system administrator is not avaiable and you need to take an immediate login as root in your system to change some parameter. This is the time – when you really need to break open those sealed envelop and know the root/administrator password. And also consider that by chance that the system administrator made a mistake in writing the appropiate password. – So you are BOLD OUT.

Hence to come out of such situation you may think for introducing a new process. May be one checking authority who could be anyone else than your system administrator…..But that violates the rule, which says that the sytem admin/root/administrator password should be knopw by one and only one.

I am confused…What do U say?

Advertisements