Fire IDs can be established without the need to purchase any special software or tools. Some ideas are as follows:
– Use special login accounts: FIRE001, FIRE002, FIRE003 … Put them all in a special Windows security group (or the equivalent on other operating systems, as required)
– Give the new FIREID Security group the right level of privileges using a minimum security approach (i.e., just enough privileges to get the job done – for example, updates to DBs may be allowed but not deletion, or don’t allow changes to the O/S)
– Set a 24-hour-only password (if folks need more time, they check out another one)
– Let IT security set special complex passwords as these are issued to developers
– Set up Windows (or other operating systems) to audit login, logoff, access to production DBs, etc.
– Using email or change management software, document who requested a Fire ID, when, and why, and log it
– Key access performed by the IT developer should be reviewed to ensure no information was altered in an unauthorized manner. This can be accomplished using security management tools like Bindview reporting or examination of the logs.
– Auditors definitely like to see that privileged access is actively monitored, so this step should not be neglected.
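
One way to carry out the review described in the last steps, as an added example that is not part of the original page: a Python script that reconciles audited Fire ID logons against the request log and flags logons with no request on file, logons after the 24-hour password window, and requests with no reason recorded. The record layouts, user names and request text are constructed for illustration.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)  # password lifetime from the list above

# Constructed request log: who asked for which Fire ID, when, and why.
REQUESTS = [
    {"fire_id": "FIRE001", "user": "adev", "issued": "2024-03-01T09:00",
     "reason": "repair failed nightly batch load"},
    {"fire_id": "FIRE002", "user": "bdev", "issued": "2024-03-02T14:00",
     "reason": ""},
]

# Constructed logon events, as they might be exported from the OS audit log.
LOGONS = [
    ("FIRE001", "2024-03-01T09:30"),  # inside the approved window
    ("FIRE001", "2024-03-02T10:15"),  # more than 24 hours after issue
    ("FIRE002", "2024-03-02T14:20"),  # request exists but gives no reason
    ("FIRE003", "2024-03-03T08:00"),  # nobody requested this ID
]


def review(requests, logons, window=WINDOW):
    """Return (fire_id, logon_time, finding) for every logon needing follow-up."""
    findings = []
    for fire_id, when in logons:
        t = datetime.fromisoformat(when)
        for_id = [r for r in requests if r["fire_id"] == fire_id]
        covering = [
            r for r in for_id
            if datetime.fromisoformat(r["issued"]) <= t
            < datetime.fromisoformat(r["issued"]) + window
        ]
        if not for_id:
            findings.append((fire_id, when, "no request on file"))
        elif not covering:
            findings.append((fire_id, when, "outside 24-hour window"))
        elif not any(r["reason"].strip() for r in covering):
            findings.append((fire_id, when, "request has no reason recorded"))
    return findings


if __name__ == "__main__":
    for finding in review(REQUESTS, LOGONS):
        print(*finding, sep="  ")
```

Each finding is a starting point for the manual review of what the developer actually changed during that session.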