What rights should be assinged to Network Security Personnel

10 pts.
Tags:
Network security
Network Security Management
I have searched the internet, technical documents, and asked various network support technicians, but have yet to get a clear cut answer to the question.   I have been involved with Network Security for many years and worked for several companies, either as a consultant, or full time employee and this question comes up everytime.   As a member of the Security Team, we are responsible for a multitude of things, many of which, in my opinion, require some type of privileded account in order to do our job.   The constant battle over whether to provide Domain Admin rights, Local Admin rights, and so on, is becoming a burden. Even creating an Admin level Service Account for our tools to run, is a fight.   I would like to know the forums thoughts on this subject.    

Answer Wiki

Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Discuss This Question: 3  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • TomLiotta
    The rights to assign would be the minimum rights necessary to do the intended work. Without knowing a fairly specific Job Description, it's impossible to know what that would be. It will be different for different organizations. -- Tom
    125,585 pointsBadges:
    report
  • Kevin Beaver
    What are your risks? What's management's tolerance to those risks?

    What are you trying to protect? Who/what are you trying to protect it from?

    Once you have the right information, ask yourself these tough questions and what you need will become clear. Just make sure you don't go at this alone.

    Finally, know it'll take time to implement everything properly so don't beat yourself up if you don't get everything locked down overnight.
    17,140 pointsBadges:
    report
  • Schmidtw

    I agree with those who have posted before me.  As a general rule of thumb, the level of access one needs is the absolute minimum necessary to do the job.

     

    I also think your question has further reaching implications.  Specifically, you could open up the discussion about individual permissions verses role-based permissions.  A lot of shops have a tendency to assign permissions for each new person.  As the employees go on vacation and responsibilities are transferred for various other reasons, soon pretty much everyone has access to pretty much everything.  I personally find this to be quite dangerous.  Role-based access seems to be a much better model for controlling this.  A role can be temporarily applied and revoked, thus making managing permissions a lot easier.

    11,330 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following