Re: Passwords - in a Disaster Recovery Doc/Book

From: Dominic Hill <dhill_at_my-deja.com>
Date: Wed, 15 Mar 2000 11:34:25 GMT
Message-ID: <8ansg1$eaa$1@nnrp1.deja.com>

In article <8aiv58$1u0_at_nntpa.cb.lucent.com>, "Mike O" <ora7dba_at_yahoo.com> wrote:
> I am working on a Disaster Recovery Document for PASSWORDS (Unix,
Oracle, NT
> servers, etc). Has anyone tackled this process and have
recommendations?

In my experience - both as a sysad and working for DR services company, passwords (at least important ones) tend not to be inlcuded in any DR docs. This is for two reasons:

1. In an ideal world passwords should {;-)} get changed on a regular basis and independently of anything else. To keep updating docs just for password changes is a pain and is likely not to happen.....
2. Depending upon who has access to the DR doc (either legitimate or otherwise) this leaves you with a significant security issue. In theory, any good DR doc is a security hazard in itself as it highlights all the weak points in the infrastructure. For this reason alone many companies make access on a 'need to know' basis only.

Most of the companies I used to work with on DR tests provided the passwords in envelopes in the same boxes as the tapes or had them hand carried by the senior person in the team.

Really it all comes down to how easily passwords can be reset in a DR scenario - things like AIX root are easy, Oracle and other such applications it may not be so. Does the time taken to reset them, or the risk taken in documenting them justify the end result??

Dominic

---

Dominic Hill
AIX, RS/6000 SP and Disaster Recovery Specialist Parallix Consulting Ltd., UK

http://www.parallix.demon.co.uk

Sent via Deja.com http://www.deja.com/
Before you buy. Received on Wed Mar 15 2000 - 05:34:25 CST