The enterprise security topics that I am pretty hot on right now are Role Based Access Control (RBAC), and true privilege separation. Unfortunately both of these things have the same problem; they are typically proprietary (e.g. Sun's RBAC) or they don't really 'work' like they should in multiple platforms (e.g. NIS+ netgroups).

Funny that these are classic enterprise problems. "How do I give the helpdesk the ability to restart only in.ftpd?", or "How do I limit remote login access to the financial servers to just these three machines?". There have been some pretty good attempts at these problems, i.e. sudo and netgroups, but none that I am aware of that provide a top-down level of administration.

I was asked by a SOX inspector what my procedure was for having Sun Field Service personnel rack and maintain my gold maint. hardware. It took me a while to understand what he was trying to get at, but it dawned on me that he was suggesting that because I don't stand there myself and watch it happen, our data could be 'compromised' by a rogue Sun guy. That my phone rings off the hook, my pager never stops buzzing on my belt, I have hundreds of emails to read, and dozens of machines to build before I go home doesn't seem to register with this guy. The point is that some security measures that may be 'secure practices' are too *****ing impractical to even consider. Same goes with software: if an extremely elite black-hat wants into your network, the only thing you can do to stop them is pull the plug on your uplink. If a VP wants a sysadmin to do something questionable or unethical, and does it in a very threatening way, guess who will win that battle.

-- spurious
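The post's first example problem, "give the helpdesk the ability to restart only in.ftpd", is the kind of least-privilege rule sudo can express per command. The fragment below is an added illustration, not part of the original post or of any vendor's RBAC product; it assumes a Unix group named `helpdesk` exists and that the ftp service is restarted by the `svcadm` command and service name shown (a Solaris-style path, to be adjusted for the platform in use).

```sudoers
# Added example (not from the original post): least-privilege sudoers
# fragment answering "let the helpdesk restart only the ftp service".
# Assumptions: a Unix group named "helpdesk" exists, and the service is
# restarted by the command/service name below; adjust for your OS.

# Name the one command the helpdesk may run, with its exact arguments.
Cmnd_Alias  RESTART_FTP = /usr/sbin/svcadm restart svc:/network/ftp:default

# Members of the helpdesk group may run only that command, as root,
# on any host (replace ALL with a Host_Alias to scope it to a few boxes).
%helpdesk   ALL = (root) RESTART_FTP

# Anything not listed is denied by default. A bare "/usr/sbin/svcadm"
# entry would let them restart any service, which is the over-grant
# this rule is meant to avoid.
```

Check the file with `visudo -c -f <file>` before installing it; a syntax error in sudoers can lock administrators out of sudo entirely. Every invocation is logged by sudo through syslog, which is the audit trail the SOX question above is really asking for. The second problem in the post, restricting logins to a short list of source hosts, is a host-based rather than command-based rule and belongs in the login path (tcp_wrappers or PAM access control) rather than in sudoers.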