Separating the roles of computer operator and systems administrator

I have a question about computer operation and system administration. I am concerned that if the two functions...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

are operated by the same person, it may lead to fraud. Our computer operator does end-of-day batch processing, data backup, system mornitoring, server startup/shutdown, etc. If the computer operator is has malicious intentions, he could run the end-of-day batch with the wrong database to his benefit. Or he may start or shutdown the important servers to allow others to hack the systems. If he also performs the duties of a system administrator, he can delete the audit trial from log files to hide what he did. So it's bad, right? I think that these two functions need to be separated. Actually, the system administrator who has the most power in the system, should not be allowed to perform other functions.

What's your opinion on this? How do we audit the system administrator (in case he deleted his actions from log files)?

You have raised some very valid concerns. In today's organization, system administrators are taking on a greater role in the security of their systems. In some companies, this is even considered part of their job description. While administrators do need to be secuirty conscious, proper checks and balances need to be implemented to prevent them from being able to perform or assist in intrusions, as well as cover their tracks.

For auditing, you should have your log files written to a central server, such as syslog in a Unix environment. Several enterprise management tools are now available that provide one central logging point. These products also analyze all log files, looking for potential intrusions or questionable activities. You should also have a security staff that continuously audits your systems, looking for differences from a baseline configuration, new services, etc. Host and network IDS systems will also help identify malicious behavior.

For more information on this topic, visit these other SearchSecurity resources:
Best Web Links: Security Policy & Infrastructure
Best Web Links: Career Profiles

This was last published in July 2002

Dig Deeper on Information security certifications, training and jobs

Federal shutdown disables E-Verify program, creating HR headache The free federal program E-Verify is inoperable, thanks to the government shutdown. HR departments that rely on the work eligibility service will have to revert to manual processes.

Windows event log The Windows event log is a detailed record of system, security and application notifications stored by the Windows operating system that is used by administrators to diagnose system problems and predict future issues.

SELinux commands you should know before giving up hope Rather than giving up on SELinux and allowing permissions you shouldn't, use these SELinux commands to troubleshoot problems.

A primer for user privilege management in Windows Server 2008 Privilege management can be a troublesome endeavor, but Windows Server 2008 introduces a multi-level privilege attribute system with better limits for standard users. Expert Randall Gamby explains the options in Windows Server 2008 for user privilege management.

Top 10 command-line commands for managing Windows 7 desktops Admins don't always need fancy software to manage Windows 7 desktops. Here are 10 command-line utilities that can help you handle scripting tasks.

How to use the CREATE SESSION command to track Oracle database logins Oracle security expert Brian Peasland explains how to use the CREATE SESSION command in an Oracle audit table to track Oracle user database logins.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

Please create a username to comment.

How to implement zero-trust cloud security

AWS Access Analyzer aims to limit S3 bucket exposures

How to evaluate CASB tools for multi-cloud deployments

Consider these 5 FAQs for network monitoring best practices

Cisco's Silicon One networking chip targets cloud data centers

7 factors to consider in network redundancy design

Transforming operations for successful cloud adoption

IT workforce skews younger, says analysis of US data

Top edge computing trends to watch in 2020

How to shut down and restart a remote computer

Setting up Windows 10 kiosk mode with 4 different methods

Microsoft extends Office 365 benefit to nonprofit volunteers

Evaluate general and niche cloud service use cases

Compare niche cloud services to the hyperscale offerings

Get started with Azure tags

Women in tech still feel there’s a ‘glass ceiling’ in the sector

How software can support public involvement with democracy

Cisco unveils plans for internet for the future

Dig Deeper on Information security certifications, training and jobs

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.