Split Knowledge/Dual Control

Networking/Security Forums -> UNIX // GNU/Linux

Author: jtnire PostPosted: Tue Mar 23, 2010 4:02 pm    Post subject: Split Knowledge/Dual Control
Hi folks,

Due to PCI DSS, and since we aren't using hardware security modules for our key storage, I need to make a paticular server require 2 people before login is allowed.

An example would be maybe 2 smartcards for login? Or 2 passwords?

I am already going to encrypt the key database with truecrypt that requires 2 keys to open (These keys are given to 2 different people). However, after the inital boot up and both truecrypt keys are inserted, the system needs defence from a single person logging in and browsing the contents.

Any ideas on how I could achieve this would be appreciated


Author: eladl PostPosted: Thu Mar 25, 2010 10:40 pm    Post subject:
That is quite odd its required by PCI DSS.

Can you tell me what the system is used for and why exactly you believe 2 people should approve access to this system ?

Networking/Security Forums -> UNIX // GNU/Linux

output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group