Truly secure internal servers
The problem with security lies in striking a balance between being secure and enabling people to do their jobs.
The above phrase is pretty much my security mantra, although I'm wondering if I should change it to add "and trust your IT staff", as it seems that many companies these days expect their IT staff to do the impossible and secure systems to the point where even they cannot access them (payroll systems spring to mind).
Well, here is a shock: there is no such thing as a truly secure system. As soon as you allow someone inside the network perimeter and give them the ability to change something, you have just reduced the security. The problem here is one of security being a double-edged sword. As soon as you put the simplest security in place, you need someone to administer that security.
Make someone log into a system and you have to give someone else the rights to reset passwords.
Once you have a system where data is changing, you need to have that data backed up, which means the backup team also has access to that data. Remember to encrypt those backup tapes and to ensure only authorised personnel can call the data back.
Does the system need a SQL database? Well, better trust your SQL admins then, because they will have access to the data and its database dumps.
Putting the database or application data onto a NAS or SAN? Congrats, you just gave the storage team access.
OK, let's isolate the system totally in a corner of the server room. Well, that won’t work either, because you still need to have a server person build and rack the server, probably a database person to install the local database, and you still need it backed up. Now remind me, who has access to those tapes?
The only solution to servers that hold such confidential data that even the IT dept cannot access them is to outsource them, but then you have to trust the outsourcing company.
The real answer to this dilemma is to trust your staff but audit regularly, and use an external/independent team. That's the closest you can get to a secure system when you HAVE to have people accessing the server(s). If you don't trust your admin(s) then fire them, because in any industry where you have confidential data and trade secrets you must be able to trust people at the core of the systems.