Need a suggestion

Moderator: Moderators

Post Reply
User avatar
Iane_Blaidd
Member
Posts: 1788
https://www.behance.net/kuchnie-warszawa
Joined: Tue Oct 28, 2008 8:04 pm
Location: Plano, Texas

Need a suggestion

Post by Iane_Blaidd »

Our newest biggest client’s IT department asked me if I had a suggestion how to deal with the following. If anyone has a suggestion let me know.

Below is the request they sent me:
A small number of people here need to be able to access sensitive information, in case of emergency. Need to be able to do this from a Smartphone but it can’t be stored on the smartphone. The sensitive information would be items like:
- Server admin logon’s and passwords
- Clients logon and passwords
- Clients emergency contact info

All this information could be in the form of simple PDF / Workbook or Word document.
Iane Blaidd
105 Druid of Tunare
“Why do I even dare to think I could dream I could imagine I could hope?”
― Dylan Moran

Image
Rapitiss
Officer
Posts: 5050
Joined: Fri Oct 26, 2012 11:50 pm

Post by Rapitiss »

Answer is NO. Its a bad idea. It WILL come back and cause problems at some point.

Oh no jim's phone got hacked! or
Oh on the server got hacked!

and they now have a list of our machine names and personal contact info!
Ishtass
Posts: 456
Joined: Wed Aug 21, 2013 1:58 am

Post by Ishtass »

Phones are so insecure, it's a terrible idea.
Image
User avatar
Alsmack
Officer
Posts: 4260
Joined: Sat Sep 20, 2008 8:18 pm
Location: Chicago, IL

Post by Alsmack »

As people have mentioned, Local Storage on a smart phone should be considered a huge no.

Access to something secure via smartphone Internet would potentially be okay. One client I use utilizes LastPass which is a secure cloud storage mechanism for passwords.

The downside is that it does store an encrypted version of the password DB locally on your phone, but it does require a password to access. One thing to note however - it can use what's called "password sharing" in which you can share passwords with another person using LastPass, and you can share it in such a way that it doesn't allow them to view or copy the password but they can still use the password in the web browser embedded in LastPass.

There's really no reason to reinvent a wheel here. If they are okay with encrypted versions of the files on the phone, a simple password manager that requires some kind of password to log in to it and stores everything encrypted on disk should do the job. I still recommend against storing passwords on ANY mobile device with storage on it, even if it's encrypted. This includes laptops.
Image
Alsmack | Rezlar | Dpses | Lynis | Medissin | Arbutus
User avatar
Iane_Blaidd
Member
Posts: 1788
Joined: Tue Oct 28, 2008 8:04 pm
Location: Plano, Texas

Post by Iane_Blaidd »

Thank you guys for your input :)

Alsmack i think your idea is best and i found a few other sites like the one you suggested so i am going to send them with yours as my top suggestion since i have zero exp with any of them....

if anyone else knows of a secure "sloud" site that can be accessed via a smartphone browser let me know
Last edited by Iane_Blaidd on Thu Dec 19, 2013 3:12 pm, edited 1 time in total.
Iane Blaidd
105 Druid of Tunare
“Why do I even dare to think I could dream I could imagine I could hope?”
― Dylan Moran

Image
Stabput
Posts: 6
Joined: Mon Nov 18, 2013 3:58 am

Post by Stabput »

Do a server based Wiki.. All information would be stored on the wiki can be updated and changed as needed and permissions are required. You can make it HTTPS only to secure the connections and you can revoke access at any point. It can be done via phone or computer, remove or local.

If you need to actually store files a CMS like Sharepoint might be the way to go.
Post Reply