BugTraq
RE: Windows Vista Power Management & Local Security Policy Jul 23 2008 05:16PM
Good Securitypractice (goodsecuritypractice gmail com)
People in this discussion have been focusing on the technical aspects
rather than the people aspect.

The current power management system is MUCH more secure because people
do not have to be given an account on the machine for them to shut it
down.

This is helpful when an admin can not get to a machine that has to be
gracefully shutdown because of an impending power outage or
thunderstorms. This can be a home computer, a computer in a dorm
room, a server in a hosting environment etc.

This is also very helpful in a kiosk environment where no one at the
place can be trusted with usernames and passwords to the computer.

As an example the computer operators in our server room do not have a
username or password on the servers but can gracefully bring them down
by pressing the power button. Not having a username and password
shared amongst multiple operators or giving multiple operators access
to a server is not a good security practice either, especially on
sensitive computers.

Some people will say physical access is enough to compromise security
but we have cameras that record any unauthorized physical tampering.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus