« The part where security products solve the problem | Main | Security > 140 Chat with T. Rob Wyatt on MQ and Middleware Security »



In my travels as a security architect I talk about this all of the time too. Whether it is MS SQL single sign on or Domain admins, my advice is the sameā€¦ And I equate it to a WWII submarine movie. You should use elevated privileged accounts like periscopes on submarines are used. You get graded on how short a time you are actually logged onto the elevated privileged account. The shorter the better, and everything should be done to make that experience as uncomfortable as possible. And one of the biggies is elevated privileged accounts should not have an EMAIL account associated with them!

The comments to this entry are closed.