Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Passwords in a disaster

from [Sheldon Malm] Network Security [Permanent Link]
Subject: RE: Passwords in a disaster
Date: Thu, 24 Jan 2008 08:40:55 -0800 
For what it's worth, this is really no different than any kind of
Incident Response and/or DRP/BCP scenario.  A Firecall ID process should
be well established and practiced in advance so there are standing
instructions on release of the Firecall ID in the case of a disaster.
This ensures that the release of the privileged account is facilitated
as part of the Disaster Response rather than waiting for an individual
to take action.  Basic "single point of failure" avoidance, which is
what DRP/BCP and incident response are all about.


Sheldon Malm
Director
Security Research & Development
nCircle Network Security

Check out the VERT daily post
http://blog.ncircle.com/vert



-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Stephen Tanner
Sent: Thursday, January 24, 2008 10:25 AM
To: security-basics@securityfocus.com
Subject: RE: Passwords in a disaster

Well, not really.  I am more speaking of a court room only setting where
there IS no phone.  Phones aren't non-existent, just not an option.  I
would like to go the route in the previous suggestion, but pushing
encryption I do not believe would fly.  The point here is really a
mitigation of risk.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Stephen Tanner
Information Security Administrator
Network Support Services
Lee County Clerk of Courts
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

-----Original Message-----
From: mike.barber@wachovia.com [mailto:mike.barber@wachovia.com]
Sent: Thursday, January 24, 2008 10:22 AM
To: Stephen Tanner
Subject: Re: Passwords in a disaster


If phones are not an option, what are your options?....Chances are good
that if phones are completely out your network will be as well. 


Thanks,
Mike Barber
CIS - Unix Security Engineering
Wachovia Corp.
(704) 427-0512




"Stephen Tanner" <stanner@leeclerk.org> 
Sent by: listbounce@securityfocus.com 

01/24/2008 09:49 AM 
To
<security-basics@securityfocus.com> 
cc
Subject
Passwords in a disaster

        




I'm trying to get a consensus on what people think is the best solution
to sending a shared password or passphrase in a DR situation where
phones are not a viable option.  Any thoughts?

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Stephen Tanner
Information Security Administrator
Network Support Services
Lee County Clerk of Courts
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=




Florida has a very broad Public Records Law.  Most written
communications to or from State and Local Officials regarding State or
Local business are public records available to the public and media upon
request. Your email communications may therefore be subject to public
disclosure.

ForwardSourceID:NT00015E6E     




 Florida has a very broad Public Records Law.  Most written
communications to or from State and Local Officials regarding State or
Local business are public records available to the public and media upon
request. Your email communications may therefore be subject to public
disclosure.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Passwords in a disaster, Jeptha . Gibbs
Next by Date:  Re: Passwords in a disaster, jam
Previous by Thread:  RE: Passwords in a disaster, Stephen Tanner
Next by Thread:  RE: Passwords in a disaster, Stephen Tanner
Indexes:  [Date] [Thread] [Top] [All Lists]