When checking system access, make sure you look at all the different items that affect the user’s access. For example, the user might need one or more of the following:
- Application ID
- Application role or group
- Membership in an local server group, Active Directory (AD) group, or UNIX Group
- Access to the application’s share and/or folder on the server
- Database ID
- Database role, including access permissions (read/write)
- Other permission (from a home-grown application code or enterprise identify management system)
Continue reading →
Like this:
Like Loading...
Filed under Audit, How to..., Security, Technology
Tagged as access, active, AD, admin, application, Audit, batch, confidential, contractor, data, database, directory, employee, file, financial, folder, format, generic, group, hipaa, HR, ID, LDAP, log, membership, new, non-personal, OS, PCI, permission, personal, role, script, setup, share, sox, system, Unix, user
If you enter a password into a login box and your password disappears, look for it!
I’m serious, because it happened again today. Not to me, but to my colleague.
Continue reading →
Like this:
Like Loading...
Filed under Security, Security Scout
Tagged as active, change, chat, disappear, email, look, open, password, URL, window
When checking system access, make sure you look at all the different items that affect the user’s access. For example, the user might need one or more of the following:
ITauditSecurity 