Generally here I speak of web design and development, but I do have other roles that I have played.  Today, I want to speak as a Systems Administrator and talk about security.

Security on a network level is based on a number of different factors, most of which are addressable any sort of systems group.  These include patches, firewalls, open ports, password policies, etc.  Generally the weakest link in network security is the rules.

A sysadmin must walk a fine line between enabling users to work as unencumbered as they wish and to protect the users from themselves.  For this reason, best practices must be put into place.  Hopefully an organization will also codify officially these rules so that everyone knows the playing field.

A major rule that I have always had is one in which remote access is minimized.  In fact, I call this rule “No Remote Access.”  Remote access allows for a user to (surprise) remotely access network resources (shared files on a server, etc.).  This means that I, as sysadmin, lose control of the client machines.  I can no longer verify that they are virus free, that they haven’t been stolen with all the passwords and addresses saved or written down.  In short, the portions of the network that the user has access to are compromised in such a way that I have no idea what is legitimate or not.

By enabling remote access in an organization, you are in fact greatly increasing the chance of downtime due to virus or lost data.  Does that seem smart?

This entry was posted on Thursday, October 26th, 2006 at 9:06 am and is filed under Writings, programming, mobile_computing, security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.