Author: jtnire, Posted: Tue Mar 23, 2010 4:02 pm Post subject: Split Knowledge/Dual Control ----
Hi folks,
Due to PCI DSS, and since we aren't using hardware security modules for our key storage, I need to make a particular server require 2 people before login is allowed.
An example would be maybe 2 smartcards for login? Or 2 passwords?
I am already going to encrypt the key database with TrueCrypt that requires 2 keys to open (these keys are given to 2 different people). However, after the initial boot up and both TrueCrypt keys are inserted, the system needs defence from a single person logging in and browsing the contents.
Any ideas on how I could achieve this would be appreciated.
Thanks
Author: eladl, Posted: Thu Mar 25, 2010 10:40 pm Post subject: ----
That is quite odd it's required by PCI DSS.
Can you tell me what the system is used for and why exactly you believe 2 people should approve access to this system?