From: "Hrvoje Mesing" 


"John Beckett"  wrote
in message news:eqaot1d1o4tqcjqttkf1c3sc081ds3r38j{at}4ax.com...

> If you physically search BO on entry/exit from secure server room, and if
> the BO can only do backups from within that server room, then you can hope
> the BO will not take media home.
>
> But surely you don't really believe that? Are you saying there is a way to
> stop a backup operator from backing up, or from restoring, sensitive data
> (apart from encryption, which does prevent access to a BO)?


-+-

?

Why would BO have physical access to media or server room ? Maybe he is
allowed only to use restricted Terminal Administration Services Session (in
this case, Permissions are needed! Thats what We started to talk about) ?
Or, maybe he DO have an physical access to serverom/media, still, he cannot
get out of the server room with media because he is searched, there is a
physical security system, bla, bla, bla, what ever makes you happy. Why
would I hope if there are security measures that will prevent something I
dont want to happen ?

I belive that BO should have an option of backup and restore. Also, I know
that backup and restore can be Actively monitored. So, for a procedure of a
backup, in example, BO cannot take out the media without the alert.
For backing up on any other media that is not ultrium lets say (or named in
the specific way, or anythign else), the security monitor will rise. For
any atempt of not scheduled restoring (or restoring on not permitted
restore point path!) a security event monitor is rised, BO is again killed
on spot.

I do not understand why are you trying at all ? Those are simple taks that
every Admin can manage to encounter BO, still, I'm only interested if
changing default perms would break SLA. That securing FS will bring only
benefits, it is clear from the space ship == no one messes with my data if
I do not want 'em to mess.

Also, when You call MS and say you have an problem, one of the first things
done, if they need data (depends on problem/data), is running Microsoft
  application that collets system settings/critical
mission data and is packed to a dat/bin file which you then send back to
MS. Same tool shows (creates sec. template) security on FS.


-+-
M.

--- BBBS/NT v4.01 Flag-5