Ask the Expert

Separating the roles of computer operator and systems administrator

I have a question about computer operation and system administration. I am concerned that if the two functions are operated by the same person, it may lead to fraud. Our computer operator does end-of-day batch processing, data backup, system monitoring, server startup/shutdown, etc. If the computer operator has malicious intentions, he could run the end-of-day batch with the wrong database to his benefit. Or he may start or shut down the important servers to allow others to hack the systems. If he also performs the duties of a system administrator, he can delete the audit trail from log files to hide what he did. So it's bad, right? I think that these two functions need to be separated. Actually, the system administrator, who has the most power in the system, should not be allowed to perform other functions.

What's your opinion on this? How do we audit the system administrator (in case he deleted his actions from log files)?



You have raised some very valid concerns. In today's organizations, system administrators are taking on a greater role in the security of their systems. In some companies, this is even considered part of their job description. While administrators do need to be security conscious, proper checks and balances need to be implemented to prevent them from being able to perform or assist in intrusions, as well as cover their tracks.

For auditing, you should have your log files written to a central server, such as syslog in a Unix environment. Several enterprise management tools are now available that provide one central logging point. These products also analyze all log files, looking for potential intrusions or questionable activities. You should also have a security staff that continuously audits your systems, looking for differences from a baseline configuration, new services, etc. Host and network IDS systems will also help identify malicious behavior.
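The value of central logging for the audit question above can be shown with a small check, added here as an example and not part of the original answer: compare the central server's copy of a host's log with the file on the host itself, and report entries that exist centrally but have disappeared locally. It assumes traditional syslog lines (`Mon DD HH:MM:SS host message`); the hostnames, paths and log lines are constructed sample data.

```python
from collections import Counter

# Constructed sample data: the central collector's copy and db01's local file.
CENTRAL_LOG = """\
Jul 12 23:00:01 db01 CRON[811]: (batch) CMD (/opt/eod/run_batch.sh)
Jul 12 23:01:07 db01 sudo: operator : USER=root ; COMMAND=/opt/eod/run_batch.sh --db test
Jul 12 23:01:09 web01 sshd[402]: Accepted publickey for deploy
Jul 12 23:05:44 db01 sudo: operator : USER=root ; COMMAND=/bin/vi /var/log/auth.log
Jul 12 23:09:30 db01 CRON[811]: (batch) CMD (/opt/eod/backup.sh)
"""
LOCAL_LOG_DB01 = """\
Jul 12 23:00:01 db01 CRON[811]: (batch) CMD (/opt/eod/run_batch.sh)
Jul 12 23:09:30 db01 CRON[811]: (batch) CMD (/opt/eod/backup.sh)
"""

def parse(line):
    """Split a traditional syslog line into (timestamp, host, message)."""
    parts = line.split(None, 4)
    if len(parts) < 5:
        return None  # blank or malformed line
    return " ".join(parts[:3]), parts[3], parts[4]

def records_for_host(text, host):
    """Multiset of parsed records for one host; repeated lines are counted."""
    records = Counter()
    for line in text.splitlines():
        rec = parse(line)
        if rec and rec[1] == host:
            records[rec] += 1
    return records

def compare(central_text, local_text, host):
    """Return (missing_locally, local_only) for the given host.

    missing_locally: received by the central server but absent from the
    host's own file, which suggests the local log was edited or truncated.
    local_only: on the host but never received centrally, which suggests
    forwarding was stopped or the central copy is incomplete.
    """
    central = records_for_host(central_text, host)
    local = records_for_host(local_text, host)
    missing_locally = sorted((central - local).elements())
    local_only = sorted((local - central).elements())
    return missing_locally, local_only
```

The comparison only means something if it runs on the central server under an account the audited administrator does not control.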




This was first published in July 2002
