Re: [Veritas-bu] login through veritas

Subject:

From:

"Ed Wilts" <ewilts AT ewilts DOT org>

To:

"Curtis Preston" <cpreston AT glasshouse DOT com>

Date:

Sat, 9 Feb 2008 14:04:17 -0600

On Feb 9, 2008 1:18 PM, Curtis Preston <cpreston AT glasshouse DOT com> wrote:

Remember: background checks on your backup admin are a good thing

Just remember that as a backup admin, I'm also a restore admin. I can restore your passwd and shadow files with my own, read any file on your system and restore it to my own system, and restore garbage overwriting good files on your system. It wouldn't take me an hour to write a script that would render every backup client unbootable and also wipe out all of the backup images. If you don't trust me, then we both have a problem. Similarly, we have to trust our electricians not to fry all of our equipment and our janitors not to see what a bottle of Coke will do to a storage array or a tape library.

No amount of NetBackup authentication protection will help you with a disgruntled backup/restore administrator. The rights they need to do their jobs are precisely the same rights they can use to hurt us (not unlike the Secret Services carrying guns while protecting our president).

.../Ed

--
Ed Wilts, Mounds View, MN, USA
mailto:ewilts AT ewilts DOT org

_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: [Veritas-bu] login through veritas, Curtis Preston
Next by Date:	[Veritas-bu] Status 96, bnetra
Previous by Thread:	Re: [Veritas-bu] login through veritas, Curtis Preston
Next by Thread:	Re: [Veritas-bu] login through veritas, Curtis Preston
Indexes:	[Date] [Thread] [Top] [All Lists]