[unisog] Admin Access to Servers

Gary Dobbins dobbins at nd.edu
Wed Nov 15 15:18:46 GMT 2006

A gateway to the datacenter based on a dedicated VPN with 2-factor
authN provides them clear access to admin ports on servers.

It's not unreasonable to include an additional layer to help protect 
service exposures which may exercise system level control.

Addam Schroll wrote:
> Our Central IT group currently has a project underway to move all
> administrative access to their critical infrastructure servers
> (databases, Active Directory, etc) onto a private management network.
> The current concept goes so far as to require each admin to carry a
> separate laptop from their normal machine in order to allow remote
> access from home or work.  Unfortunately, the extra machine and
> draconian policies have the admins up in arms.
> I applaud the effort to try and further lock down access to the machines
> that hold the keys to the kingdom, but I'm concerned that the pendulum
> has swung too far in the security direction this time.
> So I'm curious what security controls, policies, or procedures others
> have in place at their institutions to protect access to critical
> infrastructure.  What controls have been the most useful?  How have they
> affected usability and productivity of the system administrators?
> Any feedback, direct or back to the list, would be appreciated.
> Addam


   Gary Dobbins, CISSP -- Director, Information Security
   University of Notre Dame, Office of Information Technologies
