[unisog] Admin Access to Servers

Addam Schroll addam at purdue.edu
Wed Nov 15 13:58:45 GMT 2006

Our Central IT group currently has a project underway to move all
administrative access to their critical infrastructure servers
(databases, Active Directory, etc.) onto a private management network.

The current concept goes so far as to require each admin to carry a
separate laptop from their normal machine in order to allow remote
access from home or work.  Unfortunately, the extra machine and
draconian policies have the admins up in arms.

I applaud the effort to try and further lock down access to the machines
that hold the keys to the kingdom, but I'm concerned that the pendulum
has swung too far in the security direction this time.

So I'm curious what security controls, policies, or procedures others
have in place at their institutions to protect access to critical
infrastructure.  What controls have been the most useful?  How have they
affected usability and productivity of the system administrators?

Any feedback, direct or back to the list, would be appreciated.


Addam Schroll
IT Security and Privacy Analyst
Office of the Vice President for Information Technology Security and
Privacy, Purdue University addam at purdue.edu
PGP/GPG: B3FD 239B 573E D7F8 076B 9FDC 347D 4D4E 355F E9D0
