[unisog] Admin Access to Servers

O'Callaghan, Daniel Daniel.OCallaghan at sinclair.edu
Thu Nov 16 13:08:04 GMT 2006


Why a second machine?  We don't mandate it, but some of us use laptops
with docking stations instead of desktops. It costs a little more
initially to buy the higher-end laptop, bump the memory, & buy the
external devices, but it's still likely less $$$ than two machines.  My
docking station still allows dual-monitor use, standard keyboard &
mouse, USB peripherals, etc.  It provides much more flexibility as am
not tied to the office/desk when troubleshooting. Two caveats:
1. invest in laptops with the TPM module or similar technology that
securely locks the hard drive (we use HP ProtectTools & DriveLock)
2. buy a couple of good cable locks & enforce using them, especially in
cubicle or other open-office environments. 


________________________________________________
Dan O'Callaghan, MBA, CISSP
CISO
Sinclair Community College
444 West Third Street, 14-324
Dayton, Ohio 45402-1460
937-512-2452 Fax 937-512-3124
daniel.ocallaghan at sinclair.edu



Date: Wed, 15 Nov 2006 08:58:45 -0500
From: Addam Schroll <addam at purdue.edu>
Subject: [unisog] Admin Access to Servers
To: unisog at lists.dshield.org
Message-ID: <455B1D15.8040507 at purdue.edu>
Content-Type: text/plain; charset=ISO-8859-1

Our Central IT group currently has a project underway to move all
administrative access to their critical infrastructure servers
(databases, Active Directory, etc) onto a private management network.

The current concept goes so far as to require each admin to carry a
separate laptop from their normal machine in order to allow remote
access from home or work.  Unfortunately, the extra machine and
draconian policies have the admins up in arms.

I applaud the effort to try and further lock down access to the machines
that hold the keys to the kingdom, but I'm concerned that the pendulum
has swung to far in the security direction this time.

So I'm curious what security controls, policies, or procedures others
have in place at their institutions to protect access to critical
infrastructure.  What controls have been the most useful?  How have they
affected usability and productivity of the system administrators?

Any feedback, direct or back to the list, would be appreciated.

Addam

--
Addam Schroll
IT Security and Privacy Analyst
Office of the Vice President for Information Technology Security and
Privacy, Purdue University addam at purdue.edu
PGP/GPG: B3FD 239B 573E D7F8 076B 9FDC 347D 4D4E 355F E9D0



More information about the unisog mailing list